- From: Rick Waldron via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Sep 2017 15:37:54 +0000
- To: public-device-apis-log@w3.org
I just worked through the questionnaire independently as a means of cross-checking and our answers have almost 100% agreement. For 3.10 I added an acknowledgement that's called out in the security risk section. Here are my answers:

-----------------------------------------------------

[Self-Review Questionnaire: Security and Privacy, Questions to Consider](https://w3ctag.github.io/security-questionnaire/#questions)

### [3.1. Does this specification deal with personally-identifiable information?](https://w3ctag.github.io/security-questionnaire/#pii)

Yes, but not directly. Concrete sensor specifications require user permissions to mitigate potential exposure issues.

https://w3c.github.io/sensors/#security-and-privacy, https://w3c.github.io/sensors/#mitigation-strategies, https://w3c.github.io/sensors/#user-identifying

### [3.2. Does this specification deal with high-value data?](https://w3ctag.github.io/security-questionnaire/#credentials)

Yes, but not directly.

> Sensor readings are explicitly flagged by the Secure Contexts specification [POWERFUL-FEATURES] as a high-value target for network attackers. Thus all interfaces defined by this specification or extension specifications are only available within a secure context.

See: https://w3c.github.io/sensors/#secure-context

### [3.3. Does this specification introduce new state for an origin that persists across browsing sessions?](https://w3ctag.github.io/security-questionnaire/#persistent-origin-specific-state)

No.

### [3.4. Does this specification expose persistent, cross-origin state to the web?](https://w3ctag.github.io/security-questionnaire/#persistent-identifiers)

No.

### [3.5. Does this specification expose any other data to an origin that it doesn't currently have access to?](https://w3ctag.github.io/security-questionnaire/#other-data)

No.

### [3.6. Does this specification enable new script execution/loading mechanisms?](https://w3ctag.github.io/security-questionnaire/#string-to-script)

No.

### [3.7. Does this specification allow an origin access to a user's location?](https://w3ctag.github.io/security-questionnaire/#location)

Not directly; concrete sensor specifications, i.e. "Geolocation Sensor", require user permissions to mitigate potential exposure issues.

https://w3c.github.io/sensors/#security-and-privacy, https://w3c.github.io/sensors/#mitigation-strategies, https://w3c.github.io/sensors/#location-tracking

### [3.8. Does this specification allow an origin access to sensors on a user's device?](https://w3ctag.github.io/security-questionnaire/#sensors)

Yes; concrete sensor specifications require user permissions to mitigate potential exposure and/or privacy issues.

https://w3c.github.io/sensors/#security-and-privacy, https://w3c.github.io/sensors/#mitigation-strategies

### [3.9. Does this specification allow an origin access to aspects of a user's local computing environment?](https://w3ctag.github.io/security-questionnaire/#local-device)

TODO

### [3.10. Does this specification allow an origin access to other devices?](https://w3ctag.github.io/security-questionnaire/#remote-device)

No; however it is acknowledged that:

> Sensors can potentially be used in cross-device linking and tracking of a user.

See: https://w3c.github.io/sensors/#security-and-privacy, https://w3c.github.io/sensors/#mitigation-strategies

(It is recognized that this isn't precisely what is meant by question 3.10, but worth mentioning)

### [3.11. Does this specification allow an origin some measure of control over a user agent's native UI?](https://w3ctag.github.io/security-questionnaire/#native-ui)

No.

### [3.12. Does this specification expose temporary identifiers to the web?](https://w3ctag.github.io/security-questionnaire/#temporary-id)

No.

### [3.13. Does this specification distinguish between behavior in first-party and third-party contexts?](https://w3ctag.github.io/security-questionnaire/#first-third-party)

No.

### [3.14. How should this specification work in the context of a user agent's "incognito" mode?](https://w3ctag.github.io/security-questionnaire/#incognito)

TODO

### [3.15. Does this specification persist data to a user's local device?](https://w3ctag.github.io/security-questionnaire/#storage)

No.

### [3.16. Does this specification have a "Security Considerations" and "Privacy Considerations" section?](https://w3ctag.github.io/security-questionnaire/#considerations)

Yes

https://w3c.github.io/sensors/#security-and-privacy

### [3.17. Does this specification allow downgrading default security characteristics?](https://w3ctag.github.io/security-questionnaire/#relaxed-sop)

No.

-- 
GitHub Notification of comment by rwaldron
Please view or discuss this issue at https://github.com/w3c/sensors/pull/270#issuecomment-330579933 using your GitHub account
Received on Tuesday, 19 September 2017 15:37:47 UTC
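The two mitigations that the answers to 3.2 and 3.8 rest on, secure-context gating and per-sensor user permission, as an added example of the checks a page consuming the Generic Sensor API should perform before trusting a reading. This is not code from the thread or from the spec; `acquireSensor`, its `env` parameter, `makeFakeEnv` and the fake sensor class are assumptions introduced here so the example runs offline under Node. In a browser you would pass `window` as `env` and `window.Accelerometer` (or another concrete sensor constructor) as `SensorCtor`.

```javascript
// Consumer-side gating for a Generic Sensor API sensor (added example, not the
// spec's own code). `env` is injected so the same function runs in a browser
// (pass `window`) and offline with the constructed fake environment below.
async function acquireSensor(env, { permissionName, SensorCtor, options }) {
  // 3.2: sensor interfaces are only exposed in secure contexts. A page served
  // over plain http:// must expect them to be absent and must not fall back to
  // a less trustworthy source of the same data.
  if (!env.isSecureContext) {
    return { status: 'insecure-context', sensor: null };
  }
  if (typeof SensorCtor !== 'function') {
    return { status: 'unsupported', sensor: null };
  }

  // 3.8: concrete sensors are permission-gated. Query first so an already
  // denied sensor is never constructed or started.
  let state = 'prompt';
  try {
    const result = await env.navigator.permissions.query({ name: permissionName });
    state = result.state;
  } catch (e) {
    // The Permissions API may not recognise this sensor name in every
    // browser; fall through and let the sensor's own error event decide.
  }
  if (state === 'denied') {
    return { status: 'denied', sensor: null };
  }

  // Construct and start the sensor; the outcome of a permission prompt and of
  // any hardware problem surfaces as a SensorErrorEvent (NotAllowedError for
  // a denial, NotReadableError when the sensor cannot be accessed).
  const sensor = new SensorCtor(options);
  return new Promise((resolve) => {
    sensor.addEventListener('reading', () => {
      resolve({ status: 'reading', sensor });
    }, { once: true });
    sensor.addEventListener('error', (ev) => {
      sensor.stop();
      resolve({ status: 'error:' + ev.error.name, sensor: null });
    }, { once: true });
    sensor.start();
  });
}

// Constructed fake of the browser surface the function touches, used only so
// the example runs outside a browser. `grant` models the outcome of the user
// prompt: a reading when granted, a NotAllowedError event when refused.
function makeFakeEnv({ secure, permissionState, grant }) {
  class FakeSensor {
    constructor(options = {}) {
      this.frequency = options.frequency;
      this.activated = false;
      this.listeners = {};
    }
    addEventListener(type, fn) {
      if (!this.listeners[type]) this.listeners[type] = [];
      this.listeners[type].push(fn);
    }
    start() {
      this.activated = grant;
      const type = grant ? 'reading' : 'error';
      const ev = grant ? {} : { error: { name: 'NotAllowedError' } };
      // Dispatch asynchronously, as a real sensor would.
      Promise.resolve().then(() => (this.listeners[type] || []).forEach((fn) => fn(ev)));
    }
    stop() { this.activated = false; }
  }
  return {
    isSecureContext: secure,
    navigator: { permissions: { query: async () => ({ state: permissionState }) } },
    // Outside a secure context the constructor is simply not exposed.
    Accelerometer: secure ? FakeSensor : undefined,
  };
}

// Usage in a browser (assumed names): pass the real window and constructor.
if (typeof window !== 'undefined' && typeof window.Accelerometer === 'function') {
  acquireSensor(window, { permissionName: 'accelerometer', SensorCtor: window.Accelerometer, options: { frequency: 10 } })
    .then((r) => console.log('accelerometer:', r.status));
}
```

The order matters: checking `isSecureContext` first means the page never reaches for a constructor that the user agent has deliberately not exposed, and querying the permission before constructing the sensor avoids triggering a prompt for something the user has already refused.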