W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2013

Proximity Events and Ambient Events - Consolidated comments from Microsoft

From: Christine Runnegar <runnegar@isoc.org>
Date: Thu, 17 Jan 2013 08:28:30 +1000
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <ADC1B291-D5C9-4A1A-9AA2-3843C67CF8D1@isoc.org>
Dear volunteer reviewers,

Tony has some additional comments from Microsoft to contribute. He has helpfully consolidated them into one email.

Please see below.

Begin forwarded message:

> From: "Tony Rahman (LCA)" <tonyr@microsoft.com>
> Date: January 17, 2013 8:12:07 AM GMT+10:00
> To: Christine Runnegar <runnegar@isoc.org>
> Subject: Consolidated comments from Microsoft...
> 
> Hi Christine, here are our consolidated review comments for you…
>  
>  Proximity Events draft review
>  http://www.w3.org/TR/2012/WD-proximity-20121206/
>  
>   Comments on Privacy and Security areas:
>  
>   1. There should be a way for a device to refuse to be queried about its proximity or even presence (e.g. Bluetooth device).
>  
>   2. Can an object (being queried) be also a hosting device? If so, is it possible that DeviceProximityEvent and UserProximityEvent interfaces can be used to do "daisy-chain" queries to find not just the first device within the proximity, but also the what's in proximity to the queried device and so on. That needs to taken into consideration. This is including the ability for devices to see how far away they are from each other.
>  
>   3. Perhaps the device should have a max number of queries on itself allowed within a certain amount of time, and if it's exceeded it will stop responding to the hosting device for x amount of time (e.g. no more responses to that host for an hour). This is more of a Security issue.
>  
> 4. In isolated usage, there may not be much risk here. However, when combined with other features such as identity or location I feel this could be very concerning.
>  
> 5. There should be a mechanism to alert the user when the feature is enabled or being used.
>  
>  
>   Ambient Light Events draft review
>  http://www.w3.org/TR/2012/WD-ambient-light-20121213/
>  
>   Comments on Privacy and Security areas:
>  
> 1.       See #1 comment above for Proximity Events (refuse to report) 2. See #3 comment above for Proximity Events (limit queries) 3. The real-world usage of any of the Ambient Light Events features must be strictly controlled as there are privacy and physical security implications especially when used in a home automation situation. Only designated/authorized users can query whether it's dark in your house, etc.
> 2.       Hacking is a huge risk here.  This feature could be used in an unexpected way, e.g. to see if two devices are in the same place depending how sensitive the light sensor is.
>  
>  
> CSG: Technical Engagement & Strategy
> Sr. Program Manager. CIPP/US
> tonyr@microsoft.com  ( 425.703.2680
>  
>  
Received on Wednesday, 16 January 2013 22:29:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 16 January 2013 22:29:02 GMT