See also: IRC log
<gnorcie> ok im in
<gnorcie> ob speakerphone in joe's office
<npd> sorry, I don't know the room number or the password for the room number that keiji just listed
<gnorcie> it's the same room #
<gnorcie> think just different PW?
<gnorcie> PW 648 680 693
<npd> thanks!
<gnorcie> err wait
<keiji> https://mit.webex.com/mit/e.php?MTID=m6715d68b491a1a3eecc18f700b294bd5
<christine> perhaps a meeting link might help
present=npdoty,gnorcie,tara,plh,yoav, toddreifsteck, igrigorik
<npd> yay, thanks keiji
<keiji> Thank you npd.
<scribe> scribenick: wseltzer
toddreifsteck: Todd Reifsteck,
co-chair of WebPerf WG
... along with Ilya Grigorik
plh: Philippe Le Hegaret, team contact for WebPerf
yoav: Yoav Weiss, also in the Web Perf WG
Charles_L._Perkins: Charles L Perkins, Virtual Rendezvous
<christine> Let's switch and do web performance first
<VirtualRendezvous> I tried with the port number, I think I am in IRC now, this is Charles L. Perkins, from do not track years back
<toddreifsteck> HR-Time Spec Link--https://w3c.github.io/hr-time/
<VirtualRendezvous> Thanks Wendy
<npd> does anyone have a link handy to the paper or presentation?
<plh> https://lists.w3.org/Archives/Public/public-privacy/2015OctDec/0134.html
plh: mid-November, I sent a
request ot the group because we wanted to push High Res Time
version 2
... we already published v1
... 2 goals: define "time" when used in performance
timeline
... and second, how to access it
... a minimalist API, concept reused across performance
specs
... Our goal was to get time as accurate as possible in our
measurements
... APIs to let you measure hwo your app is doing on the web
from PoV of user
<scribe> ... new in v2 is not highly sinister
UNKNOWN_SPEAKER: we allow you to
get the time in workers
... so we had to define time precisely
... some questions remain on the need to compare timelines
across contexts
... method in the ED, translate time, not yet ready for
v2
... One thing that came up last year was that our spec could be
used for timing attacks.
... we were forced to reduce accuracy of timer to prevent
timing attacks.
... based on research papers.
<VirtualRendezvous> What about non streaming time, like DIS in late 90s, time reveal, scrolling thru time, etc.
UNKNOWN_SPEAKER: More recently,
another reported attack
... exploit not yet complete in JS, and we talked with
researcher, who said there was nothing that we could do to
prevent it
... even a more granular accuracy wouldn't stop it
<VirtualRendezvous> time reversal, seeing time as not just present limited for larger time definition
<npd> is there a link to the paper for that more recent attack?
<npd> that was the March 2015 paper
<VirtualRendezvous> (likely irrelevant today, maybe useful in future specs, getting up to speed here)
<plh> https://github.com/w3c/hr-time/issues/4
-> http://www.rowhammer.com/ the underlying attack, with reference to the JS
plh: Questions or concerns from PING?
<christine> +Q
<VirtualRendezvous> +Q
christine: is the access to timing data secure?
plh: It
... It's JS, we don't control the origin of the JS
... it follows the same-origin policy and CORS, etc.
... we didn't introduce new restrictions
<npd> wseltzer: secure contexts or powerful features restriction. is it considered a "powerful feature"?
plh: not sure. Chairs?
toddreifsteck: original performance.now was implemented before powerful features
<plh> https://www.w3.org/TR/powerful-features/
toddreifsteck: hr2, just an update to enable workers, we didn't add the restriction
wseltzer: some discussion whether workers themselves shoudl be considered powerful features
tara: we'll want to watch that
VirtualRendezvous: very high
performance measurement, DIS, attacks on jet missiles
... there was work on interaction of 4-dimensional streams
3D+time
<npd> does the draft mark that translateTime is not going to be continued in this version?
plh: pointer to the research?
VirtualRendezvous: Warren Katz, MAK is an expert in the area
<Zakim> npd, you wanted to ask if the attack is detectable, the way that repeated attacks for timing caching would typically be
npd: as I understand, rowhammer is different from cache timing
plh: it depends on cache timing,
deducing the location in memory in order to attack it
... by using timing attacks on CPU caching, they got physical
addressess of memory
... and then overwrite it with bit-flip attacks.
... it's a hw issue, a flaw in the underlying OS and memory
mapping, and the underlying chipsets
... but since people won't update hw and BIOS soon, they need
to update OS. It's not web platform-specific.
npd: trying to understand
mitigations
... at least an attack that has to be repeated multiple times
is observable
... is rowhammer repeated multiple times?
plh: not sure how many times it's
called
... author said even if we reduce accuracy of timer, you can
still use JS data object
npd: what if you limited how often the function could be called?
<VirtualRendezvous> (if anyone needs to follow up on 4D time, DIS, find me via Gplus.to/4VR) --clp, Charles
plh: we're not aware of type that gives row access in JS
npd: in combination with native access to run code
yoav: If an attacker has access to run arbitrary binaries on the machine, they don't really need performance.now to attack
<gnorcie> hey just a reminder we're 40 in, would like to discuss privacy qs if there is time
keiji: also consider threat of leakage of browser history by time measurement
<npd> I'd be curious to talk to security folks about the risks, if there are any, of revealing the memory addresses even if the javascript code can't execute natively on the machine. in addition, is there a cross-origin privacy risk to detecting these addresses?
plh: time is in relation to the navigation of the page, not between pages
keiji: justification of 5us?
plh: it was implemented in all browsers and believed to be enough
<npd> and finally, would use of time.now for this rowhammer-style attack be detectable?
tara: plh, next steps?
plh: we're moving this to
CR
... to get v2 out
... thank you.
... If rowhammer gets to full force, we'll re-open the
question.
<toddreifsteck> thanks, all!
gnorcie: putting the questionnaire from wiki to github
<npd> yay for github, but yes it can be a little confusing at first
<npd> or github issues too
gnorcie: hoping pull requests can be better for feedback
<npd> wseltzer: there is a #git channel on W3C IRC, which people who use git for W3C specs to get help
gnorcie: I also want to send feedback to the TAG on their security questionnaire
<VirtualRendezvous> I've also used GO=IThub and have time for help if you need it, I am also a privacy advocate from way back, can give other feedback later --clp
<VirtualRendezvous> GIThub
<christine> @greg- yes I totally agree - discuss individual points on email
gnorcie: proposed putting an issue per thread
<npd> sure, whatever gets the feedback moving, one piece at a time is great
<chaals> +1
<VirtualRendezvous> +q
npd: when we have new privacy problems, do we think there are sufficient questions in the questionnaire?
<christine> +Q
<npd> wseltzer: what's our process for adding privacy issues to a questionnaire when we identify a privacy issue during a spec review?
VirtualRendezvous: have you
thought about how abstract UIs make privacy problems even more
challenging?
... e.g. in mobile apps, VR
<npd> I think there may be interesting problems regarding when people know they're in a browser, or what scope an in-app browser has, but that this will mostly fall in to UI
christine: Web apps are in-scope for PING; other challenges may be further from scope
<npd> I think the most straightforward case we have related to that is things like the fullscreen api
<npd> +1 to christine on raising issues in github whenever something comes up
christine: suggest using github issue tracking when we see new privacy anti-patterns
tara: +1
... and thanks to gnorcie
<npd> in fact, people are already doing this with the fingerprinting document. someone has started raising just other web privacy issues there
keiji: suggest that we
periodically review questionnaire; e.g. at TPAC, or more
frequently
... to review and update
npd: yes, gh issues work
well
... people are already opening issues on fingerprinting doc
that arent' directly fingerprinting related, so it will be
useful to have a more direct channel
chaals: +1 to gh issues
... We can usefully look at other domains to see how they've
addressed issues that we see on the Web
... our scope is Web, but other domains may offer pointers to
problems and solutions
<VirtualRendezvous> Thanks everyone, wonderful to be back at W3 privacy world again, hope to be able to contribute in Virtual Reality and native Apps soon. *waves* bye
tara: thanks all!
... see you on the mailing list
tara: Next call? end of February
npd: FYIs. on Fingerprinting, the
TAG has some feedback
... I'll be talking to them
... Also, WebPerf has been working on Beacon, whcih we
discussed.
... They have a new doc. I've opened some issues, will
discuss.
tara: Thanks Nick for doing these reviews!
<christine> Hi. I have to drop off the call. Could we do 18 instead?
tara: We'll work out the date and send something to the list.
<keiji> npd?
[adjourned]
<keiji> Thank you
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/the problem/privacy problems/ Succeeded: s/the me/them/ Found ScribeNick: wseltzer Inferring Scribes: wseltzer WARNING: Replacing previous Present list. (Old list: npdoty, christine, gnorcie, tidoust, mfoltzgoogle, wseltzer, tara, plh, yoav, toddreifsteck, igrigorik, keiji) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ npdoty, gnorcie, tara, plh, yoav, toddreifsteck, igrigorik, keiji Present: npdoty gnorcie tara plh yoav toddreifsteck igrigorik keiji christine Chaals Charles_L_Perkins WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 21 Jan 2016 Guessing minutes URL: http://www.w3.org/2016/01/21-privacy-minutes.html People with action items:[End of scribe.perl diagnostic output]