Update privacy considerations for cached/persisted data

webmachinelearning · Mar 24, 2022 · ce57e2d · ce57e2d
1 parent 586cbb6
commit ce57e2d
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/index.bs b/index.bs
@@ -394,9 +394,9 @@ No information from the underlying platform is exposed directly. An execution ti
 
 Note: The group is <a href="https://github.com/webmachinelearning/webnn/issues/85">soliciting further input</a> on the proposed execution time analysis fingerprinting vector and will augment this section with more information and mitigations to inform the implementers of this API.
 
-This API mitigates against timing attacks that rely on data caching or persistence by not intrinsically supporting custom shader authoring. Instead, the API builds upon pre-existing shaders and lower level primitives of the browser or the underlying OS. Web developers who interface with {{GPUDevice}} are expected to be aware of <a href="https://gpuweb.github.io/gpuweb/#privacy-user-agent-state">WebGPU compilation cache considerations</a>.
+Unlike APIs like WebGL, and WebGPU; this API does not intrinsically support custom shader authoring; and as a result is not prone to timing attacks that rely on shader caches, or other persistent data. The API builds upon pre-existing shaders and lower level primitives of the browser or the underlying OS. Web developers who interface with {{GPUDevice}} are expected to be aware of <a href="https://gpuweb.github.io/gpuweb/#privacy-user-agent-state">WebGPU compilation cache considerations</a>.
 
-In general, implementers of this API are expected to be familiar with the <a href="https://gpuweb.github.io/gpuweb/#security-privacy">WebGPU Privacy Considerations</a>.
+In general, implementers of this API are expected to be familiar with the <a href="https://gpuweb.github.io/gpuweb/#privacy-considerations">WebGPU Privacy Considerations</a>.
 
 Ethical Considerations {#ethics}
 ===================================
@@ -2451,6 +2451,8 @@ Benjamin Poulain for their contributions to the API specification.
 Thanks to Sangwhan Moon and the W3C Technical Architecture Group for review of this specification for web architecture fit, design consistency and developer ergonomics.
 
 Thanks to W3C Privacy Interest Group for privacy and security review and feedback.
+
+Thanks to Kaustubha Govind and Chrome privacy reviewers for feedback and privacy considerations.
 <pre class="biblio">
 {
   "Models": {