Re: Vibration API privacy considerations from Joseph Lorenzo Hall on 2016-02-16 (public-privacy@w3.org from January to March 2016)

From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Tue, 16 Feb 2016 15:30:29 -0500
To: Chaals McCathie Nevile <chaals@yandex-team.ru>
Cc: W3C Privacy IG <public-privacy@w3.org>
Message-ID: <CABtrr-UqYfm0vNp-GPSvCvsuE_biZQUPui5RPMe6t_nap27AYw@mail.gmail.com>

Are those two things or just one? That is, is this section claiming:
1) it is possible to fingerprint a device through the Vibration API by
requesting information that could be used to uniquely identify a
device by characterizing "tiny imperfections during their
manufacturing"; and 2) it is possible for an external observer to
identify someone close to them in physical reality ("meat space") by
causing the user to visit a specific web page that then uses the
Vibration API to vibrate the device (and the external observer
observes this and connects a particular web session with a particular
device)?

Looking at the spec, it just accepts a list of integers and vibrates
the device or not. So, I don't see a way to fingerprint devices using
this spec by taking advantage of "tiny imperfections during their
manufacturing" (of accelerometers and gyroscopes). Maybe it's in
conjunction with another API that that becomes revelant? (e.g., if you
were recording audio, I bet vibrating the phone with a little training
could allow you to characterize the surface it's on and possibly the
type of phone and if it's in a case)

I think maybe drop the first fingerprinting concern (maybe I don't
understand it) but keep the second concern that it allows an external
observer in physical proximity to associate a device with a web
session by causing the device to vibrate using the API. (A possible
mitigation to allowing for highly unique vibration patterns would be
to make only simple vibrations possible.)

If you've read this far, know that at some point we'll probably have
to deal with eavesdropping via mobile gyroscopes... so not
fingerprinting but full on identification of speaker information and
parsing speech:

https://crypto.stanford.edu/gyrophone/files/gyromic.pdf

On Tue, Feb 16, 2016 at 10:39 AM, Chaals McCathie Nevile
<chaals@yandex-team.ru> wrote:
> Hi,
>
> the Device API group are considering proposing a revision of the Vibration
> API, and one of the things they propose adding is a section on Security and
> Privacy.
>
> The current proposal is
> <https://github.com/anssiko/vibration/commit/48489c54e0b7ed80900e0906fa79803c8fa77069>
>
> The two things identified are that vibration can be picked up with e.g.
> motion sensors in the same device for fingerprinting, and that a vibrating
> device can be physicall observed externally.
>
> Wondering if anyone has further input.
>
> Cheers
>
> --
> Charles McCathie Nevile - web standards - CTO Office, Yandex
>  chaals@yandex-team.ru - - - Find more at http://yandex.com
>

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner

Received on Tuesday, 16 February 2016 20:31:16 UTC