Security/Reviews/Firefox/NavigationTimingAPI

Items to be reviewed

• Feature Page: https://wiki.mozilla.org/Features/Platform/NavigationTimingAPI | Navigation Timing API
• W3C Spec: http://www.w3.org/TR/2011/CR-navigation-timing-20110315/
  • Editors Draft: http://www.w3c-test.org/webperf/specs/NavigationTiming/

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

• for web pages to get timining info about page load
  • how long dns resolution took
  • how long connection setup took
  • transfer time took
  • Dates (like Date.now()), not durations
• this is only about the html page
  • other timing interfaces in a different api (ResourceTiming)
  • doesn't expose URLs
• web performance working group at W3C has the spec for this

What solutions/approaches were considered other than the proposed solution?

• spec compliance

Why was this solution chosen?

• spec compliance / feature parity
• IE and Chrome also have this

Any security threats already considered in the design and why?=

• Spec mentions: detecting proxy servers, ..., avoid exposing URLs
• spec mentions using same origin policy (editors draft; CR)

Threat Brainstorming

• [privacy] Precise, broken-down timing information as a side channel for information leaks
• [privacy] Fingerprinting users (or groups of users!!!) by performance characteristics
• Redirect count is pinned to 0 if any of the redirects were third-party. So if you know the last piece was a same-host redirect, the 0 tells you it went through another party :/

Conclusions / Action Items

• [dveditz] Point the Tor folks at the pref for disabling this feature (dom.enable_performance)
• [curtisk] talk to Sid about privacy
• why is the IE implementation partial? did they have a problem with something? or were those properties simply not interesting enough to be worth the work?
  • I (biesi) don't believe the IE implementation to be partial...