
Re: draft, pls review by Tuesday - Summary of Privacy Interest Group (PING) feedback regarding Proximity and Ambient Light APIs

From: Christine Runnegar <runnegar@isoc.org>
Date: Fri, 8 Feb 2013 05:42:35 +0100
Cc: <public-privacy@w3.org>
Message-Id: <E7B14C01-4483-4005-AF98-D881962FC31F@isoc.org>
To: <Frederick.Hirsch@nokia.com>
A very big thank you to all the reviewers and especially to Frederick for kindly offering to consolidate the feedback into a summary.

Everyone, please check the draft summary and advise Frederick of any additions or corrections by Monday.

Christine and Tara

On Feb 8, 2013, at 12:17 AM, <Frederick.Hirsch@nokia.com> wrote:

> Here is my draft summary of the PING Ambient Light and Proximity review, based on the emails, IRC log and my recollection of the call.
> 
> Please let me know of any additions, corrections, etc. before I send to the DAP list on Tuesday, 12 Feb.
> 
> regards, Frederick
> 
> Frederick Hirsch, Nokia 
> 
> [[
> 
> Members of the Privacy Interest Group (PING) [1] reviewed the Proximity [2] and Ambient Light Event [3] Last Call drafts from a privacy perspective.
> 
> The following key points were made in the review process:
> 
> 1) Privacy threats can arise when these simple specifications are used in combination with other functionality or when used over time.
> 
> 2) User notification and control over use of sensors should be provided (e.g. able to turn them off, or know if they are being used).
> 
> 3) There are possibilities for fingerprinting based on event patterns during and over time.
> 
> 4) There should be a summary of privacy information applicable to the various sensors collected in one place (I offered to start a draft) and information may also need to be added to each individual draft.
> 
> 5) Reviewing these drafts was useful to PING in order to learn and start creating a checklist and process for other reviews.
> 
> In detail, 
> 
> Nick Doty gave an excellent summary in an email [4] that includes examples: using ambient light sensors in multiple contexts over time to correlate the same user, suggesting the spec be limited to a single active window context.
> Similarly he notes a concern similar to the Idle API risk discussion, see [5]. See Nick's email for details.
> 
> Nick noted during the call that there is a chance for gleaning information from light sensors, but not with high, med, low settings, so that is good.
> 
> Nick and Thomas Roessler also note that there is also a fingerprinting risk based on frequency and timing of event occurrence (though I suggest this might be harder than more straightforward fingerprinting approaches). A possible mitigation is to impose limitations on granularity of information.
> 
> Ambient Light could offer a side channel for communication via light generation and detection though again I think this might be lower priority than other possible concerns.
> 
> Tony Rahman noted [6] that there might be a security risk if there is no limit to the rate of queries and also suggested that remote sensors offer a greater security risk, though I suggest the current specs are focused on local information. He also noted that perhaps there should be an indication to the user when the sensors are used (I'd say in particular for ambient light). In addition he suggests there should be a way to disable sharing proximity information (or in general various sensor information).
> 
> The PING group agreed that there may need to be privacy documentation that spans the variety of sensors noting common concerns - I offered to start drafting a document. Nick suggests that material needs to also be repeated in the individual drafts as well, however I'd suggest a short executive summary might suffice.
> 
> Nick started a wiki to collect resources around Privacy Considerations, see http://www.w3.org/wiki/Privacy/Privacy_Considerations
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> [1] http://www.w3.org/Privacy/
> 
> [2] http://www.w3.org/TR/2012/WD-proximity-20121206/
> 
> [3] http://www.w3.org/TR/2012/WD-ambient-light-20121213/
> 
> [4] http://lists.w3.org/Archives/Public/public-privacy/2013JanMar/0007.html
> 
> [5] https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.webapi/7mEN0gSryCk
> 
> [6] http://lists.w3.org/Archives/Public/public-privacy/2013JanMar/0010.html and http://lists.w3.org/Archives/Public/public-privacy/2013JanMar/0011.html
> 
> ]]
> 
> 
Received on Friday, 8 February 2013 04:43:04 GMT
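
The mitigations raised in the quoted summary (coarse high/med/low levels, limited granularity, and a cap on how often a page can learn about sensor changes) can be sketched as a filter that sits between the raw sensor and the page. This is an added example, not part of the mail or of either specification; the bucket thresholds, the one-second interval, the function names and the sample readings are all assumptions made for illustration.

```javascript
// Assumed lux thresholds for the three coarse levels (illustrative values).
const LUX_BUCKETS = [
  { label: "low", maxLux: 50 },
  { label: "med", maxLux: 10000 },
  { label: "high", maxLux: Infinity },
];

// Map a raw lux reading to a coarse label; malformed readings yield null.
function bucketLux(lux) {
  if (!Number.isFinite(lux) || lux < 0) return null;
  return LUX_BUCKETS.find((b) => lux <= b.maxLux).label;
}

// Returns a stateful filter. It emits an event only when the coarse level
// changes, at most once per time slot, and reports the slot boundary rather
// than the true timestamp, so exact event timing is not exposed.
function createCoarseLightFilter(minIntervalMs) {
  let lastLabel = null;
  let lastSlot = -Infinity;
  return function onRawReading(timeMs, lux) {
    const label = bucketLux(lux);
    if (label === null || label === lastLabel) return null;
    const slot = Math.ceil(timeMs / minIntervalMs);
    // Rate limit: a suppressed change is picked up again by the next raw
    // reading in a later slot, because lastLabel is left unchanged here.
    if (slot <= lastSlot) return null;
    lastLabel = label;
    lastSlot = slot;
    return { level: label, timeMs: slot * minIntervalMs };
  };
}

// Run a list of [timeMs, lux] readings through the filter.
function coarsen(readings, minIntervalMs) {
  const filter = createCoarseLightFilter(minIntervalMs);
  return readings.map(([t, lux]) => filter(t, lux)).filter((e) => e !== null);
}

// Constructed sample readings: [timestamp in ms, raw lux].
const SAMPLE_READINGS = [
  [0, 12.3], [120, 12.9], [250, 480.2], [300, 9.0],
  [1400, 8.7], [2100, 20000.5], [2150, 19000], [3500, 19500],
];

console.log(coarsen(SAMPLE_READINGS, 1000));
```

Eight raw readings with distinct values and timestamps collapse to four level changes on a one-second grid; the brief dip at 300 ms is not reported until the next slot.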
