Peter: entropy probably the wrong name... I think this is OK but would like to get Rossen's opinion. I have a concern about how this might expose additional fingerprinting surface or allow side-channel attacks. I accept it's "past" state but it's also coming along side of some high resolution timers... which can be used for side-channel attacks.

peter to leave comment

Rossen: initial lightweight feedback, well received... it's complex. If the system is already under heavy load you'll experience different performance characteristics compared to if it wasn't. This is one way of allowing you to better profile your payloads. Straightforward from addition pov.

Peter: I asked about side channels and they answered with a question. Also about whether something comes out of a cache or not.. curious if someone can use this flag if the system is lying about other metrics.. depends on how it's implemented. There are other cases where the system is going to load it from the cache but pretend it's nto loading it from teh cache so you don't get a timing attack. Is this going to report that the system is under high load or not? If the system isn't hitting the network it's hitting the cache maybe this would reveal that the other api is lying and expose information

Rossen: the cache api or the performance metrics api?

Peter: the perf metrics of loading. Faking a network request but pulling something out of the cache

Rossen: the system is under normal load, and your nativation takes a long time vs a short time?

Peter: maybe under normal circumstances if the resource wasn't in the cache your system would be under heavy load, but now it's in the cache but your system is pretending to load it, but the system isn't under load, by exposing the system load you can infer that this really was cached after all and we negated the mitigation in the other place where we were lying about the fact it was in the cache. Not perfect, but it's information. Other things like battery status where people can use very scant information to pull pretty accurate information

Rossen: I can remember the battery discussions.. the strong feedback from mozilla at the time. Not sure how this compares to it though

Peter: not convinced this is a problem. Just concerned that it might be and I'd like people who know better to look at it. I can leave the feedback.

Rossen: trying to wrap my head around how detecting of the cache usage happens with this new entropy state. Let's see what they come back with

Peter: should we defer?

Rossen: yes i think we should wait for feedback.

Peter: still waiting for feedback.

Peter: we haven't heard back from them on the last reply to their response...

Rossen: let me ping internally and see what's happening with this. They're still interested in moving forward and are going to update soon.

punted for now

Pending external feedback on how it fits with the privacy principles.

Dan: nothing to do here - still pending - assigned Hadley to the issue

Still pending external feedback. Have been waiting for 7 months.