W3C home > Mailing lists > Public > public-device-apis-log@w3.org > February 2019

Re: [deviceorientation] Add API for requesting permission to receive device motion / orientation events (#57)

From: Lukasz Olejnik via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Feb 2019 18:08:09 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-461125857-1549476487-sysbot+gh@w3.org>

I wrote a bit on sensors a while ago (ambient light [1](https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/), [2](https://blog.lukaszolejnik.com/additional-security-and-privacy-risks-of-light-sensors/)). 

Not sure if helpful in your conversation, but we also analysed the possible impact of changes [3](https://blog.lukaszolejnik.com/battery-status-not-included-assessing-privacy-in-w3c-web-standards/) ([PDF](http://lukaszolejnik.com/AssessingPrivacyWebStandardsIWPE17.pdf)).

We all know well the debate on privacy vs usability/precision, and also the point of view of whether something is or is not a threat. In the end it boils down to individual beliefs. I've seen and shown some of the risks. While I'm not saying such attacks are always 100% reliable, I also know that quantization and frequency capping often don't work (see e.g. (1)).

And in that case I'm happy to hear the position of Apple as presented by @othermaciej 
How to handle it with the "defaults" is another thing. I'm all for opt-in, the current model of the web is opt-out (with the exception of permission-gated things). 

GitHub Notification of comment by lknik
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/57#issuecomment-461125857 using your GitHub account
Received on Wednesday, 6 February 2019 18:08:11 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 6 February 2019 18:08:12 UTC