W3C home > Mailing lists > Public > public-device-apis@w3.org > June 2016

Re: [sensors] Possibility of cross-domain communication using frequency in periodic reporting mode

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Sat, 25 Jun 2016 08:14:44 +0000
To: public-device-apis@w3.org
Message-ID: <issue_comment.created-228522358-1466842483-sysbot+gh@w3.org>
> If there already exists an instance that is already polling at some 
frequency _f_, all new instances will be polling at the same frequency
 _f_

That's a misunderstanding of what the spec says. The idea here is that
 everyone is listening to the same physical sensor and that this 
physical sensor is polled with the intent of fulfilling the highest 
frequency requirements.

Hence, if context A requires 100Hz, context B requires 200Hz, and 
context C requires 1.2KHz, and the hardware sensor can't handle more 
than 1KHz, then all three contexts will get 1KHz. Note there is no 
guarantee that this frequency will be maintained or even possible.

Now consider context C is no longer interested in getting sensor 
readings: A and B will get 200Hz.

I can imagine you can use sensor frequency to transfer data between 
origins or across browsers by doing the following:

Listener would set frequency to something low, say 50Hz. Emitter would
 use high and low frequency to transfer information (e.g. 800Hz for 
`1` and 200Hz for `0`). You could even imagine the Listener peaking to
 1KHz to ack Emitter's message.

Note that, unless I'm mistaken, the threat here is mostly limited to 
cross-browser tracking as I suspect there are much simpler solution to
 transfer information between collaborating parties with different 
origins from within the same browser.


-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at 
https://github.com/w3c/sensors/issues/100#issuecomment-228522358 using
 your GitHub account
Received on Saturday, 25 June 2016 08:14:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC