FAQ suggests push notifications are just one of the ways to keep SWs running. What are the others? Do they all require user permission?
So if you're on a different network when connectivity is restored, you leak to site new IP address. Even if you never visit that site again.
-
-
You also leak to network operator that you previously visited that site due to DNS/SNI/etc. leaks.
-
Seems bad to permit this without user consent.
-
We have discussed that at length too.
-
Discussed at length != addressed the concerns or came to conclusions that other people think is reasonable.
-
Pretty sure there's internal discussion on a lot of things that are unreasonable, like telling sites build id + phone model / OS build id.
-
Or giving precise details on GPU information and allowing dumping of the rendered buffers. Or the battery API that's not even portable.
-
Every API we add has the potential for misdesign. That's why we focus on working in standards and ensuring impl flexibility.
-
For instance, for one-shot background sync, one idea we discussed was only allowing site/network pairs that had been previously seen.
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.