[webkit-dev] Network Information API reboot: request for early feedback

Thomas Steiner tomac at google.com
Mon Aug 30 02:58:12 PDT 2021


On Mon, Aug 30, 2021 at 11:06 AM Ryosuke Niwa <rniwa at webkit.org> wrote:

> On Mon, Aug 30, 2021 at 1:17 AM Thomas Steiner <tomac at google.com> wrote:
>
>> On Sun, Aug 29, 2021 at 1:00 AM Ryosuke Niwa <rniwa at webkit.org> wrote:
>>
>>> I don't think exposing the information about whether the connection is
>>> metered or not is acceptable from the privacy standpoint. Based on the IP
>>> address of a user & this metered status, a website may even be able to tell
>>> what kind of carrier plan a given user is in.
>>>
>>
>> Thanks for the reply, Ryosuke! Just to clarify, the `metered` attribute
>> would be a manual user setting, not a browser heuristic. This means you
>> could easily mark your all-data included WiFi at home as metered if you
>> wanted to, or, on the opposite end, mark your roaming data plan you
>> purchased for a ton of money at the airport as unmetered. None of this
>> happens without the user voluntarily revealing the information.
>>
>
> I don't think it's fair to characterize any given user telling the OS to
> reduce the data usage as a consent to be profiled by random websites. I
> would certainly not expect such information to be exposed to ad trackers
> and alike.
>

Apple seems to see no issue in exposing this information to iOS/iPadOS
apps: https://developer.apple.com/videos/play/wwdc2019/712/?time=959.


> You could make the same argument for turning on low power mode but battery
> level being low or having low power mode turned on may reveal the user's
> socioeconomic status or user's immediate need to take certain actions. It
> can lead to egregious consequences like this:
> https://www.theverge.com/2016/5/20/11721890/uber-surge-pricing-low-battery.
> I definitely would not want to be seeing ads promoting new SIM cards or ads
> for a cafe with free WiFi service nearby just because I requested my phone
> to reduce data usage.
>

Yes, bad things like that can happen, and the fact that companies like Uber
make "evil" use of available information is no secret. At the same time,
companies that make "good" use of information, like Algolia's example (
https://www.algolia.com/blog/engineering/netinfo-api-algolia-javascript-client/),
hopefully outweigh the disadvantages. We don't prohibit hammers because
they can be abused as a weapon. And again, the information is exposed to
random native apps that can likewise profile you. I agree there is a
difference between a random native app and a random website, but at the
same time we have mitigations like third-party blocking (and ITP on Apple
devices) that make such profiling harder and harder.

Cheers,
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20210830/7e9f5cc4/attachment.htm>


More information about the webkit-dev mailing list