Re: Vibration API privacy considerations

CDT's comments to the FTC on cross device tracking may help explain why any
standard that allows a unique pattern to be emitted can be used for
tracking:

https://cdt.org/insight/comments-on-cross-device-tracking-to-the-ftc/


/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt



*CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>*
/*******************************************/

On Thu, Feb 18, 2016 at 12:11 PM, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com
> wrote:

> Hello
>
> 2016-02-16 21:30 GMT+01:00 Joseph Lorenzo Hall <joe@cdt.org>:
>
>> Are those two things or just one? That is, is this section claiming:
>> 1) it is possible to fingerprint a device through the Vibration API by
>> requesting information that could be used to uniquely identify a
>> device by characterizing "tiny imperfections during their
>> manufacturing"; and 2) it is possible for an external observer to
>> identify someone close to them in physical reality ("meat space") by
>> causing the user to visit a specific web page that then uses the
>> Vibration API to vibrate the device (and the external observer
>> observes this and connects a particular web session with a particular
>> device)?
>>
>>
> It is not suggested that Vibration API allows fingerprinting on its own.
>
> The only thing I intended to suggest was that in presence of other sensors
> - capable of performing the readouts - Vibration API provides the input.
> So yes, in conjunction with other sensors. This is specified there.
>
> That said, ability of creating patterns with vibration is another concern.
>
>
> Regards
> Lukasz
>