Re: [sensors] access to orientation without access to linear acceleration? (#399)

> Hi, not sure how I can help here other than:
> 

I've reordered your points in what I think are priority order but left the numbers alone.

> 3. The W3C policy is that user needs are strictly more important than implementor and developer needs, so standards must reflect that

Right. I feel like a user needs control over what information they are sharing, not over which specific bits of hardware are involved in producing that information (they may want that too for e.g. battery-saving purposes). The current permissions are easy for the browser *implementor* because they are in terms of common hardware. They are not easy for the user (how many users understand that access to the `magnetometer` [leaks](https://www.w3.org/TR/magnetometer/#security-and-privacy) location information?).

A solution to this would actually put a lot more burden on the implementor, forcing them to figure out what combinations of sensors leak what information.

> 2. In general finer-grained permissions are preferable, though not so much so that it has to boil down to an "accept all"

The current permissions are not fine-grained. To access relative orientation, I must request `gyroscope` and `accelerometer`. So as a user, to grant access to how much I have rotated my device I must also grant access to how much I have moved it in space. Granular permissions would allow me to give access to the orientation *result* without sharing any information about my spatial movements. "Accept all" is what we have now - an app that wants to know which way is North needs access to 3 sensors.

> 1. Relative orientation is sensitive data, since it seems very likely that you can fingerprint a device w/ very high fidelity using these values (if I'm following correctly)

How do you fingerprint a device with [relative orientation](https://developer.mozilla.org/en-US/docs/Web/API/RelativeOrientationSensor)? "describes the device's physical orientation without regard to the Earth's reference coordinate system". No fixed base implies that a browser can select a random base orientation and give 2 pages completely different values for the same orientation.
> 4. It would be good if standards were stricter about when folks could ask for permission (e.g. only top frame, after user gesture, etc) so permissions wouldn't need to be the primary access gating mechanism
-- 
GitHub Notification of comment by fergald
Please view or discuss this issue at https://github.com/w3c/sensors/issues/399#issuecomment-555279535 using your GitHub account

Received on Tuesday, 19 November 2019 00:50:05 UTC