
Re: Battery API and fingerprinting

From: Christine Runnegar <runnegar@isoc.org>
Date: Sat, 18 Jul 2015 08:53:05 +0000
To: Frederick Hirsch <w3c@fjhirsch.com>
CC: Dominique Hazael-Massieux <dom@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <47B0FB13-C334-4876-9963-068D3B309BDD@isoc.org>

Thank you Dom and Frederick for these good points.

Lots of factors to consider in applying a data minimisation approach, including granularity, frequency, accuracy, …

Let’s keep these issues in mind when looking at the questionnaire (and any reviews of specs).

Christine

> On 8 Jul 2015, at 11:21 pm, Frederick Hirsch <w3c@fjhirsch.com> wrote:
> 
> it seems that a general privacy consideration will frequently be appropriate:
> 
> "Implementations should ensure that the precision of information is at the lowest accuracy possible while providing utility."
> 
> This is data minimization in another form but one that is easy to forget as accuracy may be implementation dependent.
> 
> Determining the required precision will depend both on the applications supported as well as the attack analysis, so not sure a blanket guideline is appropriate.
> 
> It sounds like this issue will become very relevant for sensors and the emerging Internet of Things.
> 
> regards, Frederick
> 
> Frederick Hirsch
> Chair, W3C Device APIs WG (DAP)
> 
> www.fjhirsch.com
> @fjhirsch
> 
> 
> 
>> On Jul 8, 2015, at 2:09 PM, Dominique Hazael-Massieux <dom@w3.org> wrote:
>> 
>> Hi,
>> 
>> An interesting paper on how a seemingly innocuous API (battery level reading) ends up providing exploitable fingerprinting surface:
>> A privacy analysis of the HTML5 Battery Status API
>> http://eprint.iacr.org/2015/616.pdf
>> 
>> Some of the risks highlighted are specific to an implementation (providing arguably too detailed information), some are probably more generic to any API that bridges with hardware. It might be interesting to look if the self-review questionnaire would have helped mitigating these risks at the spec level.
>> 
>> Dom
>> 
>> 
> 
> 

Received on Saturday, 18 July 2015 08:53:37 UTC
