W3C home > Mailing lists > Public > public-device-apis@w3.org > June 2016

Re: [sensors] Malicious use of the phone's Gyroscope

From: יוסי אורן <sysbot+gh@w3.org>
Date: Wed, 08 Jun 2016 06:01:12 +0000
To: public-device-apis@w3.org
Message-ID: <issue_comment.created-224496545-1465365671-sysbot+gh@w3.org>
Hello Tobie, thanks for following up.

Looking at the permissions registry at 
https://w3c.github.io/permissions/#permission-registry 
<https://w3c.github.io/permissions/#permission-registry> I see no 
mention of orientation sensors. Are you planning to add an 
“orientation” permission to the registry in the future?


> On 8 ביוני 2016, at 1:16, Tobie Langel <notifications@github.com> 
wrote:
> 
> Hi. Thanks for your report.
> 
> To mitigate this attack, we think it's a good idea to limit access 
to the orientation API. One way to achieve this is to ask the user's 
permission before enabling this API. Another way is to limit access to
 web pages delivered from insecure origins, as Chrome does for the 
Location API [2].
> 
> Yes. Both are planned and spec'ed already (see secure context 
<https://w3c.github.io/sensors/#secure-context> and permissioning 
<https://w3c.github.io/sensors/#permissioning>).
> 
> Does the above alleviate your concerns?
> 
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub 
<https://github.com/w3c/sensors/issues/112#issuecomment-224431620>, or
 mute the thread 
<https://github.com/notifications/unsubscribe/AIkoT6qmGiKWayCoruKS9XSXe36JmX6Xks5qJe3SgaJpZM4IpKeu>.
> 



-- 
GitHub Notification of comment by Yossioren
Please view or discuss this issue at 
https://github.com/w3c/sensors/issues/112#issuecomment-224496545 using
 your GitHub account
Received on Wednesday, 8 June 2016 06:01:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC