RESOLVED FIXED 191393
[iOS] WebGL leaks exact GPU type 
https://bugs.webkit.org/show_bug.cgi?id=191393
Summary [iOS] WebGL leaks exact GPU type
Dean Jackson
Reported 2018-11-07 12:50:16 PST
[iOS] WebGL leaks exact GPU type
Attachments
Patch (7.45 KB, patch)
2018-11-07 12:56 PST, Dean Jackson 		thorton: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dean Jackson
Comment 1 2018-11-07 12:50:47 PST
<rdar://problem/45788297>
Dean Jackson
Comment 2 2018-11-07 12:51:13 PST
From the radar: WebKit Per https://dieulot.fr/idevice, it's possible to get the exact GPU model via JavaScript. This can be combined with other techniques to fingerprint users (a privacy concern). Is there any reason for websites to have access to this information? Could this string simply return "Apple GPU"?
Dean Jackson
Comment 3 2018-11-07 12:56:15 PST
Created attachment 354132 [details] Patch
Dean Jackson
Comment 4 2018-11-07 13:13:20 PST
Committed r237940: <https://trac.webkit.org/changeset/237940>
Jon Lee
Comment 5 2018-11-07 13:27:24 PST
Is there a reason we are only doing this for iOS?
Brent Fulgham
Comment 6 2018-11-07 13:31:39 PST
(In reply to Jon Lee from comment #5) > Is there a reason we are only doing this for iOS? I think that title is wrong -- the change should apply to desktop as well.
Tim Horton
Comment 7 2018-11-07 13:35:42 PST
(In reply to Brent Fulgham from comment #6) > (In reply to Jon Lee from comment #5) > > Is there a reason we are only doing this for iOS? > > I think that title is wrong -- the change should apply to desktop as well. The title and the code change agree. But perhaps you mean the code change should go further?
Brent Fulgham
Comment 8 2018-11-07 13:57:45 PST
(In reply to Tim Horton from comment #7) > (In reply to Brent Fulgham from comment #6) > > (In reply to Jon Lee from comment #5) > > > Is there a reason we are only doing this for iOS? > > > > I think that title is wrong -- the change should apply to desktop as well. > > The title and the code change agree. But perhaps you mean the code change > should go further? Oh -- I see. This is about "case WebGLDebugRendererInfo::UNMASKED_RENDERER_WEBGL:" Under what circumstances is that active? Does the user need to take any particular action on a macOS system for such a value to be anything beside the default setting for all macOS builds? It seems like this might be an issue if you installed debug frameworks of some kind, but not for normal macOS users. Is that accurate? Or are there other things that might cause this to produce an interesting value?
Tim Horton
Comment 9 2018-11-07 14:04:25 PST
(In reply to Brent Fulgham from comment #8) > (In reply to Tim Horton from comment #7) > > (In reply to Brent Fulgham from comment #6) > > > (In reply to Jon Lee from comment #5) > > > > Is there a reason we are only doing this for iOS? > > > > > > I think that title is wrong -- the change should apply to desktop as well. > > > > The title and the code change agree. But perhaps you mean the code change > > should go further? > > Oh -- I see. This is about "case > WebGLDebugRendererInfo::UNMASKED_RENDERER_WEBGL:" > > Under what circumstances is that active? Does the user need to take any > particular action on a macOS system for such a value to be anything beside > the default setting for all macOS builds? > > It seems like this might be an issue if you installed debug frameworks of > some kind, but not for normal macOS users. Is that accurate? Or are there > other things that might cause this to produce an interesting value? No no, the "Debug" there isn't about debug webkit, that's the name of the web exposed API.
Brent Fulgham
Comment 10 2018-11-07 14:06:51 PST
(In reply to Tim Horton from comment #9) > (In reply to Brent Fulgham from comment #8) > > (In reply to Tim Horton from comment #7) > > > (In reply to Brent Fulgham from comment #6) > > > > (In reply to Jon Lee from comment #5) > > > > > Is there a reason we are only doing this for iOS? > > > > > > > > I think that title is wrong -- the change should apply to desktop as well. > > > > > > The title and the code change agree. But perhaps you mean the code change > > > should go further? > > > > Oh -- I see. This is about "case > > WebGLDebugRendererInfo::UNMASKED_RENDERER_WEBGL:" > > > > Under what circumstances is that active? Does the user need to take any > > particular action on a macOS system for such a value to be anything beside > > the default setting for all macOS builds? > > > > It seems like this might be an issue if you installed debug frameworks of > > some kind, but not for normal macOS users. Is that accurate? Or are there > > other things that might cause this to produce an interesting value? > > No no, the "Debug" there isn't about debug webkit, that's the name of the > web exposed API. Yikes! Then this change is totally needed on macOS. Jon was right!
Dean Jackson
Comment 11 2018-11-07 15:48:19 PST
(In reply to Brent Fulgham from comment #10) > Yikes! Then this change is totally needed on macOS. Jon was right! I'm not so sure. We've been shipping like this for years now. It was originally put in to allow Google Maps to better tailor their experience to particular GPUs. They unofficially told me that it was more useful on Windows, which has a wide range of hardware. However, there are people using it for macOS. I wouldn't have changed it for iOS except that there really shouldn't be any difference in iOS GPUs other than performance.
Note You need to log in before you can comment on or make changes to this bug.