W3C home > Mailing lists > Public > public-device-apis@w3.org > August 2015

Re: [battery] Battery API and fingerprinting

From: Kostiainen, Anssi <anssi.kostiainen@intel.com>
Date: Thu, 20 Aug 2015 12:54:31 +0000
To: Frederick Hirsch <w3c@fjhirsch.com>
CC: W3C Device APIs WG <public-device-apis@w3.org>
Message-ID: <11FF1A76-9605-4312-8AFE-A2BF80BAA554@intel.com>
Hi,

> On 09 Jul 2015, at 00:09, Frederick Hirsch <w3c@fjhirsch.com> wrote:
> 
> Concrete Battery API suggestions from "A privacy analysis of the HTML5 Battery Status API"
> 
> * "we believe the Battery Status API could mention the risk of exposing high precision readouts in the ‚ÄúSecurity and privacy considerations‚ÄĚ section of the standard."
> 
> * "We believe, as a minimum, users should be able to choose to be asked for battery access by Web scripts. As an alternative, browsers can enforce the user permission requirement in their private browsing modes."
> 
> * information on the API use could be made available to the user to aid transparency
> 
> This paper highlights (yet again) how detailed and accurate information can be used to fingerprint

Thanks for the suggestions. I reworded the security and privacy considerations section [1] per feedback. For details, see [2].

All - please review and suggest improvements if any.

Thanks,

-Anssi

[1] https://dvcs.w3.org/hg/dap/raw-file/default/battery/Overview.html#security-and-privacy-considerations

[2] https://dvcs.w3.org/hg/dap/diff/abe11905e4dc/battery/Overview.src.html
Received on Thursday, 20 August 2015 12:55:22 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC