Compute Pressure API

[oyiptong]

Request for Mozilla Position on an Emerging Web Specification

• Specification Title: Compute Pressure API
• Specification or proposal URL: https://w3c.github.io/compute-pressure/
• Caniuse.com URL (optional):
• Bugzilla URL (optional):
• Mozillians who can provide input (optional):

Other information

The explainer is here: https://github.com/w3c/compute-pressure/blob/main/README.md
ChromeStatus.com entry here: https://chromestatus.com/features/5597608644968448
TAG design review request here: w3ctag/design-reviews#621

Thanks!

[annevk]

Concerns listed in https://lists.webkit.org/pipermail/webkit-dev/2021-May/031848.html seem rather problematic.

[zcorpan]

Per w3ctag/design-reviews#795 it seems the WG has addressed the feedback cited above.

[bvandersloot-mozilla]

Hello editors, @kenchris and @arskama:

👋 Firefox Privacy Team Member here!

Putting some of the resources I've reviewed here:

• Compute Pressure API 2023-02-07 w3cping/privacy-request#113 (and the subsequent spec issues)
• Compute Pressure Specification Review w3ctag/design-reviews#795
• https://w3c.github.io/compute-pressure/ 😄

If I understand the design right, the feature gives websites a way to request regular updates to the platform's CPU load info, rendered as a 4-valued enum for each "pressure source". The browser has broad liberty to map the platform's signals to that enum, including latching values for some time and even obfuscating values if it looks like the API is being used as a side-channel. But overall the browser gives a good sense of the vibes of the CPUs.

Overall, I'm not too worried about this as a cross-site communication mechanism due to the mitigations of rate obfuscation and same origin restriction. Excellent work incorporating PING's feedback. I think that for many cases, the CPU load-as-measured-by-sidechannel would offer more information to an attacker. I would feel much more confident in that assertion if only pressure sources being utilized by the global doing the monitoring- is that possible?

Would it be reasonable to randomize the order of pressure sources? I don't have a fleshed out attack here, but it may be possible to learn which CPU the current tab is hosted in, and that may enable some cross site leaks.

Are there any use cases where a site would be incentivized to consume more client resources because it knows it will not degrade user experience? If so, contention becomes a weird problem between sites/programs.

Is there any chance to make the determiniation of the pressure states less implementation-defined? (caveat: I don't know what the platform APIs this would rely on look like) As it is, is seems like there is a reasonable risk that varied algorithms for determining those values would create drastically different behaviors for the same web app across browsers.