> Thanks, it'd be interesting to hear from the security researchers that found the original flaws if that is indeed sufficient. Feel free to reach out to them. @noncombatant did the auditing on the threshholds for us > I also think that the specification should define the maximum allowed frequency to ensure end user security and interoperability. (There's some text on this, but it's not specific.) I'll leave that to the spec authors. My guess is that it's a fuzzy line but we (Chrome) deemed the practical risk to be low enough with the thresholds we selected. > With thresholds on things like accelerometer and gyroscope (which don't seem to mention any throttling by the way; known issue?), how useful are they still for WebVR and such? I believe they still satisfy the vast majority of use cases. We considered exposing higher threshholds behind a permission prompt but this didn't seem necessary and again has problems due to the difficulty of UX. Again, @noncombatant may remember details. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/207#issuecomment-351541330
Received on Wednesday, 13 December 2017 22:10:23 UTC