FAQ suggests push notifications are just one of the ways to keep SWs running. What are the others? Do they all require user permission?
You also leak to network operator that you previously visited that site due to DNS/SNI/etc. leaks.
-
-
Seems bad to permit this without user consent.
-
We have discussed that at length too.
-
Discussed at length != addressed the concerns or came to conclusions that other people think is reasonable.
-
Pretty sure there's internal discussion on a lot of things that are unreasonable, like telling sites build id + phone model / OS build id.
-
Or giving precise details on GPU information and allowing dumping of the rendered buffers. Or the battery API that's not even portable.
-
Every API we add has the potential for misdesign. That's why we focus on working in standards and ensuring impl flexibility.
-
For instance, for one-shot background sync, one idea we discussed was only allowing site/network pairs that had been previously seen.
-
And the API has been designed to allow a flexible policy like this should we decide it's better in the future.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.