Description
This issue is part of PING review w3cping/privacy-request#85
From my read of the current spec, it seems that there is significant passive fingerprinting surface, particularly around the capabilities in the Optional Capabilities section. This surface seems to both mirror and exceed the fingerprinting surface exposed by existing canvas capabilities, and actively exploited in the wild.
I appreciate that these risks are discussed in the privacy considerations section (which is very detailed and very appreciated). It is great that the spec authors have thought through these issues in such depth to document them. However, it's equally important that spec authors mitigate the risks they're introducing, and the risks this functionality would expose users to.
More specifically, the spec should (in-spec) mitigate or address the passive fingerprinting surface the spec exposes.
Here are some suggested ways, for the WG's consideration, for how that might be done. Note that these are not PRs or specific recommended changes, though I and PING would be happy to work with the authors to try and address these issues.
- move the WebGPU capabilities behind a permission
- expose an implementation with lower fingerprinting risk w/o a permission, and allow users to opt-into the higher risk, higher performance implementation
- limit these capabilities to visible contexts
- limit these capabilities to frames that have received an activation
- reduce the granularity of the values exposed in the 3.2.6 subsections
Again, it's beyond the horizontal review process for PING to offer PRs or specific text changes, but I'd be happy to work with the proposal's authors to address these vulnerabilities.
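To illustrate the "reduce the granularity of the values exposed" suggestion from the list above, here is an added example (not part of this issue, the PING review, or the WebGPU spec) that rounds adapter limit values down to a power of two and counts how many distinct fingerprints a set of sample adapters produce before and after. The field names follow `GPUSupportedLimits`, but the sample values are constructed, not measured from real hardware.

```javascript
// Round a limit down to the nearest power of two so that nearby hardware
// values collapse into one bucket. The loop avoids floating-point log2
// rounding and works for any positive safe integer.
function coarsenLimit(value) {
  if (!Number.isSafeInteger(value) || value <= 0) {
    throw new TypeError("limit must be a positive integer");
  }
  let bucket = 1;
  while (bucket * 2 <= value) bucket *= 2;
  return bucket;
}

// Apply the same coarsening to every field of a limits-like object,
// returning a new object and leaving the input untouched.
function coarsenLimits(limits) {
  const out = {};
  for (const [name, value] of Object.entries(limits)) {
    out[name] = coarsenLimit(value);
  }
  return out;
}

// How many distinguishable "fingerprints" does a population of adapters
// yield? Fewer distinct values means less identifying information per user.
function distinctFingerprints(adapters) {
  return new Set(adapters.map((a) => JSON.stringify(a))).size;
}

// Constructed sample adapters (not real device data): raw values differ
// slightly between devices, which is exactly what a fingerprinter relies on.
const SAMPLE_ADAPTERS = [
  { maxTextureDimension2D: 16384, maxBufferSize: 2147483648, maxBindGroups: 4 },
  { maxTextureDimension2D: 16384, maxBufferSize: 4294967296, maxBindGroups: 4 },
  { maxTextureDimension2D: 16384, maxBufferSize: 3221225472, maxBindGroups: 4 },
  { maxTextureDimension2D: 8192, maxBufferSize: 268435456, maxBindGroups: 4 },
  { maxTextureDimension2D: 8192, maxBufferSize: 270000000, maxBindGroups: 4 },
];

// Compare the number of distinct fingerprints with and without bucketing.
function fingerprintReduction(adapters) {
  return {
    raw: distinctFingerprints(adapters),
    coarsened: distinctFingerprints(adapters.map(coarsenLimits)),
  };
}
```

With the constructed sample, the five raw adapters are all distinguishable, while after bucketing only three remain, since the third adapter collapses into the first and the fifth into the fourth.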