W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2015

Baterry API and fingerprinting

From: Dominique Hazael-Massieux <dom@w3.org>
Date: Wed, 08 Jul 2015 20:09:59 +0200
Message-ID: <559D6777.3080505@w3.org>
To: public-privacy@w3.org
Hi,

An interesting paper on how a seemingly innocuous API (battery level 
reading) ends up providing exploitable fingerprinting surface:
   A privacy analysis of the HTML5 Battery Status API
   http://eprint.iacr.org/2015/616.pdf

Some of the risks highlighted are specific to an implementation 
(providing arguably too detailed information), some are probably more 
generic to any API that bridges with hardware. It might be interesting 
to look if the self-review questionnaire would have helped mitigating 
these risks at the spec level.

Dom
Received on Wednesday, 8 July 2015 18:11:19 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 July 2015 18:11:19 UTC