Re: [w3c/push-api] Add answers to the Security and Privacy self-review (#264) from Peter Beverloo on 2017-06-21 (public-webapps-github@w3.org from June 2017)

From: Peter Beverloo <notifications@github.com>
Date: Wed, 21 Jun 2017 07:39:11 -0700
To: w3c/push-api <push-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/push-api/pull/264/review/45454222@github.com>

beverloo commented on this pull request.



> +in some cases, without depending on the browser to be running at all.
+
+## 3.7 Does this specification allow an origin access to a user’s location?
+
+Potentially, through IP-to-location mechanisms when the Service Worker issues a
+fetch.
+
+## 3.8 Does this specification allow an origin access to sensors on a user’s device?
+
+No.
+
+## 3.9 Does this specification allow an origin access to aspects of a user’s local computing environment?
+
+Yes, the push service selected by the device. In some cases, most commonly on
+desktop platforms, a user agent includes a push service client separate from the
+push service made available by the operating system.

Updated, thanks!

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/pull/264#discussion_r123267813

Received on Wednesday, 21 June 2017 14:40:11 UTC