Re: [vibration] privacy consideration PING comments

2016-02-29 22:58 GMT+01:00 David Singer <singer@apple.com>:

>
> > On Feb 29, 2016, at 13:53 , Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> wrote:
> >
> >
> >
> > 2016-02-29 22:47 GMT+01:00 Joseph Lorenzo Hall <joe@cdt.org>:
> > On Mon, Feb 29, 2016 at 2:37 PM, David Singer <singer@apple.com> wrote:
> > >>
> > >>
> > >> So, is this API a fingerprint risk, or a beacon risk?
> > >>
> > >> It provides information
> > >
> > > that’s my puzzle.  it provides almost no information at all.  what information does it provide?
> > >
> > > it can transmit information (e.g. the vibrate pattern), it can identify a device ‘in a crowd’, and so on, but…
> >
> > I think this is semantic confusion. Lukasz here seems to be saying
> > through the API a developer provides vibration patterns to the device
> > which vibrates according to those patterns. So these are beacon
> > facilitating risks (a cookie value could be marshaled into a set of
> > vibration patterns and then picked up acoustically by another device
> > to register the first device was in acoustic proximity)
> >
> > Actually, what I mean is rather - probing accelerometer/gyroscope/etc. sensors, which are known to differ from each other. This is basically an extraction of an identifier. Quintessential fingerprinting.
>
> “reading the output of accelerometer - can allow fingerprinting by imperfections in the accelerometer sensors.”
>
> That’s fingerprinting the accelerometers.



Yes. But to probe it, one needs an "excitation factor". That's why we say:
"in conjunction" Vibration API can act as one.





> I suppose it’s theoretically possible that the vibration actuators — or
> the combination of a specific actuator and a specific accelerometer set —
> can be unique, i.e. yield a fingerprint, but I am a little doubtful.
>

I'm unsure this would be a real risk.




>
> I just want to be careful we don’t cause confusion by labelling what is
> essentially an output-only API as something that can yield information…
>


It cannot - from the web site perspective.



>
>
> >
> >
> > --
> > Joseph Lorenzo Hall
> > Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
> > e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> > Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
> >
>
> David Singer
> Manager, Software Standards, Apple Inc.
>
>

Received on Monday, 29 February 2016 22:04:19 UTC