Add privacy and security mitigations #47

domenic · 2025-03-19T07:49:37Z

See individual commits for details.

This is also intended to apply to the two specs in https://github.com/webmachinelearning/translation-api, so the language is somewhat generic (e.g. a lot of discussion of "these APIs"). As with many things in built-in AI, the split across 2-3 repositories is a bit awkward, and I'm choosing for now to centralize the shared stuff into the writing assistance APIs spec.

~~This won't build until I either eliminate some of the Storage Standard references or get them exported.~~I've worked around this for now.

Preview | Diff

jyasskin

Sorry that it took me so long to get to this. The privacy and security considerations look great! I left a bunch of small points, and I can't guarantee I'll have noticed everything, but this is a big improvement to the features' overall threat modeling.

index.bs

This reverts commit 6a198be. This accidentally included a bunch of in-progress security and privacy work (#47) that had not yet been reviewed.

nathanmemmott · 2025-04-18T18:27:19Z

With the download masking, what are the possible states of after_create_availability:

// Assume we're in the "downloadable" state.
const before_create_availability = await AiAPI.availability();
assert_equals(before_create_availability, "downloadable");

const create_promise = AiAPI.create().then(()=>"model created first");
const after_create_availability_promise = AiAPI.availability();

const result = await Promise.race([create_promise, after_create_availability_promise]);

// Assume availability resolves first.
assert_not_equals(result, "model created first");
const after_create_availability = result;

Could it be "downloadable"? Or only "downloading"?

domenic · 2025-04-21T05:51:47Z

I think it could be "downloadable". Once we go in-parallel, there's a race between determining the availability and starting the download. If starting the download loses that race, then compute AI model availability will get back "downloadable".

Additionally, even if the download has already started, download masking can censor "downloading" to "downloadable".

* Require and consume user activation. * Explicitly allow the user agent to show a prompt or download UI.

This includes a couple updates to the algorithms, for download status masking and avoiding actual download cancelation, plus extensive discussion of those mitigations and others in the new "Privacy considerations" section. See webmachinelearning/translation-api#3 and webmachinelearning/translation-api#10.

See webmachinelearning/writing-assistance-apis#47. Closes #3. Closes #10.

domenic force-pushed the user-activation branch from 0d203b6 to 0d2db5d Compare March 19, 2025 07:51

domenic mentioned this pull request Mar 19, 2025

Meta: export keys, sheds, and bottles whatwg/storage#179

Closed

domenic force-pushed the user-activation branch from 0d2db5d to a6451f2 Compare March 24, 2025 04:10

domenic changed the title ~~Add various privacy mitigations for download status~~ Add privacy and security mitigations Mar 24, 2025

domenic force-pushed the user-activation branch 2 times, most recently from 5357735 to 1b85f8e Compare March 24, 2025 04:56

This was referenced Mar 24, 2025

Preventing fingerprinting via detecting the presence of downloaded language packs webmachinelearning/translation-api#3

Closed

Fake downloads, fingerprinting, cross-site covert channels webmachinelearning/translation-api#10

Closed

domenic force-pushed the user-activation branch 4 times, most recently from 112ac45 to 2f9c3bd Compare March 27, 2025 01:48

domenic mentioned this pull request Mar 31, 2025

Writing Assistance APIs w3ctag/design-reviews#991

Closed

1 task

jyasskin approved these changes Apr 14, 2025

View reviewed changes

domenic force-pushed the user-activation branch from 849f7c4 to 0ff1c76 Compare April 16, 2025 02:50

domenic added a commit that referenced this pull request Apr 16, 2025

Revert "Fix "validate and canonicalize a single language tag" call"

c2d570b

This reverts commit 6a198be. This accidentally included a bunch of in-progress security and privacy work (#47) that had not yet been reviewed.

domenic mentioned this pull request Apr 18, 2025

Should we mention anything about cancelling the download? #60

Closed

nathanmemmott mentioned this pull request Apr 18, 2025

How should we handle when the backing resources of an AI model object are discarded? #61

Closed

jyasskin mentioned this pull request Apr 21, 2025

On-device Web Speech API w3ctag/design-reviews#1038

Closed

1 task

domenic added 6 commits April 23, 2025 10:53

Add more privacy mitigations to downloading

5d6c3fb

* Require and consume user activation. * Explicitly allow the user agent to show a prompt or download UI.

Finish up the rest of the privacy considerations

c62e04d

Add security considerations

dc4ee6a

Add sensitive language availability privacy consideration

23466f5

Improve privacy and security considerations per code review

ccfb9f7

domenic force-pushed the user-activation branch from 7d95479 to ccfb9f7 Compare April 23, 2025 01:57

domenic merged commit d921045 into main Apr 23, 2025
2 checks passed

domenic deleted the user-activation branch April 23, 2025 02:08

domenic added a commit to webmachinelearning/translation-api that referenced this pull request Apr 23, 2025

Align privacy and security with writing assistance APIs

e86eef7

See webmachinelearning/writing-assistance-apis#47. Closes #3. Closes #10.

domenic mentioned this pull request Apr 23, 2025

Align privacy and security with writing assistance APIs webmachinelearning/translation-api#54

Merged

domenic added a commit to webmachinelearning/translation-api that referenced this pull request Apr 25, 2025

Align privacy and security with writing assistance APIs

919d541

See webmachinelearning/writing-assistance-apis#47. Closes #3. Closes #10.

domenic added a commit to webmachinelearning/translation-api that referenced this pull request Apr 25, 2025

Align privacy and security with writing assistance APIs

635dee1

See webmachinelearning/writing-assistance-apis#47. Closes #3. Closes #10.

evanbliu mentioned this pull request May 15, 2025

Apply privacy and security mitigations used by the Web Translation API to the Web Speech API WebAudio/web-speech-api#158

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add privacy and security mitigations #47

Add privacy and security mitigations #47

Uh oh!

domenic commented Mar 19, 2025 •

edited by pr-preview bot

Loading

Uh oh!

jyasskin left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

nathanmemmott commented Apr 18, 2025

Uh oh!

domenic commented Apr 21, 2025

Uh oh!

Uh oh!

Uh oh!

Add privacy and security mitigations #47

Add privacy and security mitigations #47

Uh oh!

Conversation

domenic commented Mar 19, 2025 • edited by pr-preview bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jyasskin left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

nathanmemmott commented Apr 18, 2025

Uh oh!

domenic commented Apr 21, 2025

Uh oh!

Uh oh!

Uh oh!

domenic commented Mar 19, 2025 •

edited by pr-preview bot

Loading