-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add vendorId, productId, name attributes #202
base: gh-pages
Are you sure you want to change the base?
Conversation
Filed webkit bug https://bugs.webkit.org/show_bug.cgi?id=273981 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just some editorial stuff... we are supportive of adding this on the WebKit side.
Co-authored-by: Marcos Cáceres <[email protected]>
Co-authored-by: Marcos Cáceres <[email protected]>
@saschanaz, can you confirm that you and folks on the Gecko side are ok with this addition? We are supportive of it on the WebKit side. |
So this is "fine" as we already have |
Vendor/product IDs enable applications to identify the gamepad model which can be useful when trying to show icons that match the labels on the gamepad's buttons. Currently, applications use Gamepad.id for this but it's not a good identifier because the content of ID string is explicitly not specified and there's no guarantee that the value will remain stable over time. The vendor/product IDs come from the device firmware so they're unlikely to change except by firmware update. It's also used for feature detection when deducing which "extra" buttons are available. We're trying to solve that use case with a GamepadButton.type attribute for identifying buttons that aren't part of the Standard Gamepad: #196 A human-readable name is important because there may be multiple gamepads connected and the application may need to ask the user to identify a connected gamepad. Gamepad.id can also be used for this but it typically includes other information like vendor/product IDs that makes it less human-readable. Mostly we want to add these attributes so that developers can eliminate browser-specific logic for parsing this information out of the underspecified Gamepad.id string. |
So three use cases:
1 may be fun but not sure it's important enough. 2 should be solved by #196. 3 sounds like a workaround rather than actual direct use case of this, how can I identify each controller by name if I have 4 Xbox 360 controllers connected? Should the application instead vibrate each controller for example so that I can know which is which? It's not adding a new fingerprinting vector, but this still eases use of unnecessarily exposed device specific info that I'd rather discuss removing |
Displaying the correct button labels is important for gaming services where players are expected to bring their own gamepad. It's confusing when the game tells you to press the "X button" but you're not sure if it means Xbox X button (buttons[2]), PlayStation Cross button (buttons[0]) or Switch X button (buttons[3]). The gamepad itself doesn't know what the correct labels are so applications need a way to decide which labels to use.
I think it's not necessary for the human-readable identifier to distinguish between devices that can't be distinguished by a human. If the controllers are identical then (in my opinion) it's fine to use the same identifier. Sometimes the product name is identical but the device itself may provide additional device-specific distinguishing information. For instance, it's possible to query a Switch Joy-Con's color. As specified in this PR it would be acceptable for a user agent to add the color information to the name string as an additional distinguishing detail. However, most gamepads don't provide a programmatic way to distinguish between cosmetic variations of the same product. On consoles this problem is solved by assigning each connected gamepad to a slot and using light indicators to distinguish slots. There's a separate proposal #143 to allow applications to set the light indicator state which could be used to distinguish otherwise identical gamepads. This approach is limited by the reality that not all gamepads have light indicators, and those that do only have a limited number of distinct configurations for representing slots.
Applications shouldn't rely on vibration since not all gamepads support vibration. Even gamepads that support the feature may give the user a way to disable it, for instance with a physical on-off switch on the gamepad. We can't assume that sending a vibration command to a gamepad will actually cause it to vibrate in a way the user will notice, but vibration could be useful in conjunction with other signals.
I don't think removing Gamepad.id is feasible because too many applications already rely on it. As a fingerprinting mitigation I think it would be reasonable for Gamepad API to offer tiered access to gamepads so that Gamepad.id is safe by default. Perhaps by default a site receives only generic information about connected gamepads similar to how PointerEvents provides almost no information about the connected pointing device. Only the standard buttons/axes are exposed and capabilities like vibration are disabled to resist fingerprinting. After granting a permission, the site would be allowed to access all information about the gamepad, including device IDs. I expect we will need to add a permission model anyway since we want to add support for more powerful gamepad capabilities that wouldn't be appropriate without stronger user consent.
I disagree mainly because of the button labels problem. Other capabilities can be automatically detected, but displaying the correct button labels requires device identification because the labels are never provided by the device itself. If we want to hide device IDs from the application then the user agent needs to provide the necessary information to select the correct button labels. I expect the fingerprinting risk of exposing labeling information is roughly equivalent to exposing the vendor/product/name since we expect these values to be highly correlated. If the API is responsible for providing this information then it increases the burden on the user agent proportional to the number of supported gamepads. If the fingerprinting risk is roughly equivalent then I think we should save ourselves the effort and let applications developers build tables of button labels for the devices they care about. |
Just adding that I agree with @nondebug's assessment. On the WebKit side, we see the user interaction requirement as sufficient to mitigate the fingerprinting concerns. At the same time, if users agents want to go beyond that for the productId and vendorId (and sometimes not provide them, or provide generalized identifiers) to provide further anonymity, they are certainly free to do so. There is limited opportunity for two or more sites to collude to identify an individual because of both the user activation are requirement, and because the set of controllers types out there is expansive, but not super unique per individual (and there's other sadly more effective means to fingerprint). As such, we might want to make that clear in the spec (that the user agent can lie if it needs to or the user wants it to). |
I agree that's a real problem! Still I don't think exposing vendor/product ID is a right solution, as the caller would need a database to tell which ID has which mapping. Fortunately there are a few well-defined button mappings, so wonder we could have a proper API to expose that info, perhaps with an enum. (As you noted later this still would require the mapping from browser side, which I would say okay and is just easier to use.)
But that means having IDs does not really solve the core problem? If it only helps when the user is having different type of controllers, I'm not sure how that would be helpful most of the time. Again, this is "okay" as it does not expose additional info, but I still does not understand why we want to solve problems with IDs that does not expose any useful device info as-is. |
Button mapping isn't equivalent to deducing button labels. Console gamepads often have the same layout but with different labels. It's important for applications to be able to draw the correct labels even for gamepads with the same button layout and mapping. Suppose the game is trying to tell the player which button opens an options menu and wants the player to press the button mapped to buttons[9] ("right button in center cluster"). It's not enough for the game to know that this gamepad uses a PlayStation layout because the labels will differ depending on if it's a PS3, PS4, or PS5 controller. On DualShock 3 this button is labeled "Start", on DualShock 4 it's "Options", and on DualSense it's a hamburger icon. For the game to draw the correct label, the enum at minimum will need to distinguish between these possibilities. When a new PlayStation gamepad is released, it's likely that the spec would need to be updated with a new enum value. We should try to avoid building this sort of dependency into the spec where the spec needs to be updated for each new device we want to support. Ideally it should be possible to connect your gamepad to your browser on the day the gamepad is released and have it work correctly without needing to wait for a spec change and a browser update. If we make it the browser's responsibility to maintain button label information then I expect there will be a delay before new gamepads are supported and less popular gamepads may never be supported. Also, I think we should try to avoid referencing specific vendors or trademarks in the spec. If we added a enum with different values for "well-defined button mappings" then I expect the enum will include many trademarked names by necessity.
The core problem (as I see it) is that applications are relying on the underspecified Gamepad.id attribute for programmatic identification of gamepad models. Applications already maintain mappings of Gamepad.id -> button labels. This makes it difficult to modify the Gamepad.id value for any currently-supported gamepad because it will break applications that rely on that gamepad having a stable Gamepad.id value. The purpose of the name attribute isn't to guarantee distinguishability, it's to provide the same level of human-facing distinguishability currently provided by Gamepad.id without requiring identifier stability.
Do we need to consider whether it's helpful? I agree it's typically not necessary for users to identify a gamepad because usually there's only one connected gamepad, or all the gamepads are the same product model. However, the current API provides a human-facing identifier and application developers sometimes find it useful to present this identifier to users. I think we should assume that a human-facing identifier is helpful to application developers and empower browser implementations to provide the best possible identifier. |
Agree with @nondebug on this and on the WebKit side. We think it makes sense to split these up as it's something developers rely on. At the same time, there is certainly scope for improving the privacy generally here - but I think we should take that up separately. |
Okay, Mozilla is neutral here, given the ID has been being exposed and pages already can extract each ID component by some heuristic. We would be happier without the need to sniff based on ID but also acknowledge that it would be hard to deal with use cases given the hardware reality. |
Closes #199
The following tasks have been completed:
Implementation commitment:
Preview | Diff