W3C home > Mailing lists > Public > public-device-apis-log@w3.org > August 2016

[ambient-light] Security and Privacy considerations for ALS

From: Lukasz Olejnik via GitHub <sysbot+gh@w3.org>
Date: Wed, 31 Aug 2016 13:21:43 +0000
To: public-device-apis-log@w3.org
Message-ID: <issues.opened-174271517-1472649701-sysbot+gh@w3.org>
lknik has just created a new issue for 
https://github.com/w3c/ambient-light:

== Security and Privacy considerations for ALS ==
I would suggest updating security/privacy considerations with the 
following:

> Ambient Light Sensor API provides information about lighting 
conditions near the device environment. There are several potential 
privacy risks related with exposing this information on the web.
> 
> - Information leaks about the user’s surrounding and work habits.
> - Profiling. Readout from  Ambient Light Sensor can potentially 
induce information leaks about the user’s interests, web use and work 
habits, as well as the users’ surrounding. This information might be 
used to enhance the user profiling and behavioral analysis.
> - Cross-device linking and tracking. Access to sufficiently precise 
readouts of Ambient Light sensors potentially enhance cross-device 
linking techniques. Such situation may arise if two different devices 
access web sites including same third-party scripts that compare 
lighting levels over time. 
> - Cross-device communication. Verbose readout of Ambient Light 
Sensor could be applied to receive messages emitted by other devices 
in nearby location. A simple messaging method could arise by multiple 
devices flashing their screens or camera LEDs and reading out 
responses with Ambient Light Sensors
> 
> The user agent SHOULD expose minimized lighting levels. 
> 
> A verbose, high-resolution readout from the API SHOULD be subject to
 permissions.
> 
> The user agent SHOULD inform the user about the current and past 
uses of the API.
> 

Please view or discuss this issue at 
https://github.com/w3c/ambient-light/issues/13 using your GitHub 
account
Received on Wednesday, 31 August 2016 13:21:51 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:51 UTC