Add privacy considerations for cached/persisted data #259

Merged
merged 2 commits into from
Apr 21, 2022

anssiko (Member) commented Mar 22, 2022

Fix #254



anssiko (Member, Author) commented Mar 22, 2022

(Build fails due to #258)

anssiko (Member, Author) commented Mar 23, 2022

(PR rebased, build passes.)

index.bs Outdated
@@ -394,7 +394,9 @@ No information from the underlying platform is exposed directly. An execution ti

Note: The group is <a href="https://github.com/webmachinelearning/webnn/issues/85">soliciting further input</a> on the proposed execution time analysis fingerprinting vector and will augment this section with more information and mitigations to inform the implementers of this API.

Implementers of this API are expected to be familiar with the <a href="https://gpuweb.github.io/gpuweb/#security-privacy">WebGPU Privacy Considerations</a>.
This API mitigates against timing attacks that rely on data caching or persistence by not intrinsically supporting custom shader authoring. Instead, the API builds upon pre-existing shaders and lower level primitives of the browser or the underlying OS. Web developers who interface with {{GPUDevice}} are expected to be aware of <a href="https://gpuweb.github.io/gpuweb/#privacy-user-agent-state">WebGPU compilation cache considerations</a>.
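
Review bot: The sentence beginning "This API mitigates against timing attacks" presents the absence of custom shader authoring as a mitigation for attacks "that rely on data caching or persistence", yet the closing sentence of the same paragraph sends developers who use {{GPUDevice}} to the WebGPU compilation cache considerations, which suggests cached state is still in scope on that path. Consider wording the first claim as a scoped design property (what cached or persisted data is out of reach and why) and stating outright that the {{GPUDevice}} interop path inherits WebGPU's cache considerations. The paragraph also opens by addressing implementers and ends by addressing web developers; splitting the guidance by audience would make it clear who is expected to act. Since the note just above still lists execution time analysis as an open fingerprinting vector, it would help to say that the new sentence does not claim to cover it.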

I think this sentence may be a bit backward. Should we say "Unlike APIs like WebGL, and WebGPU; this API does not intrinsically support custom shader authoring; and as a result is not prone to timing attacks that rely on shader caches, or other persistent data."?

anssiko (Member, Author) commented Mar 24, 2022

Thanks @krgovind et al. for the suggestion. The PR has been updated, PTAL.

anssiko (Member, Author) commented Mar 31, 2022

@krgovind, gentle ping PTAL the updated PR (I'll resolve the merge conflict after getting your review.)

krgovind left a comment

Looks great! Thank you.

anssiko (Member, Author) commented Apr 4, 2022

PTAL @huningxin @wchao1115

As discussed we wanted to refresh the privacy considerations. It is fine to do that in a piecemeal fashion as review feedback such as this comes in.

(Another possible privacy-impacting design consideration we want to settle on will be around device selection, normative vs. hint. Once that design settles, we're good to re-engage with PING.)

huningxin (Contributor) left a comment

LGTM, thanks @anssiko !

anssiko (Member, Author) commented Apr 21, 2022

With two reviews, I'll merge this. Thanks @krgovind and @huningxin!

@anssiko anssiko merged commit c7c0b85 into main Apr 21, 2022
@anssiko anssiko deleted the privacy-considerations branch April 21, 2022 15:20
github-actions bot added a commit that referenced this pull request Apr 21, 2022
SHA: c7c0b85
Reason: push, by @anssiko

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@anssiko anssiko added the privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. label May 24, 2022
Development

Successfully merging this pull request may close these issues.

Privacy considerations for cached/persisted data