- From: Mercurial notifier <cvsmail@w3.org>
- Date: Tue, 21 May 2013 09:04:26 +0000
- To: public-dap-commits@w3.org
changeset: 420:75fb0c6939c8
tag: tip
user: Anssi Kostiainen <anssi.kostiainen@intel.com>
date: Tue May 21 12:04:08 2013 +0300
files: light/Overview.html proximity/Overview.html
description:
ditto
diff -r 7bca576bd37a -r 75fb0c6939c8 light/Overview.html
--- a/light/Overview.html Tue May 21 12:02:22 2013 +0300
+++ b/light/Overview.html Tue May 21 12:04:08 2013 +0300
@@ -391,7 +391,7 @@
</p>
<h1 class="title p-name" id="title">Ambient Light Events</h1>
- <h2 id="w3c-editor-s-draft-06-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-06">06 May 2013</time></h2>
+ <h2 id="w3c-editor-s-draft-21-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-21">21 May 2013</time></h2>
<dl>
<dt>This version:</dt>
@@ -415,6 +415,7 @@
<dd class="p-author h-card vcard"><span class="p-name fn">Anssi Kostiainen</span>, <a class="p-org org h-org h-card" href="http://intel.com/">Intel</a></dd>
+
</dl>
@@ -586,9 +587,40 @@
</p>
</section>
- <section id="security-and-privacy-considerations">
- <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2>
+ <section class="informative" id="security-and-privacy-considerations">
+ <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2><p><em>This section is non-normative.</em></p>
<p>
+ Privacy threats can arise when this specification is used in
+ combination with other functionality or when used over time,
+ specifically with the risk of correlation of data and user
+ identification through fingerprinting. Web application developers
+ using these JavaScript APIs should consider how this information might
+ be correlated with other information and the privacy risks that might
+ be created. The potential risks of collection of such data over a
+ longer period of time should also be considered.
+ </p>
+ <p>
+ Variations in implementation light level values as well as event firing
+ rates offer the possibility of fingerprinting to identify users.
+ Browser implementations may reduce the risk by only using the less
+ precise <a href="#idl-def-LightLevelState" class="idlType"><code>LightLevelState</code></a> of 'dim', 'normal', and 'bright' and limiting
+ event rates available to web application developers.
+ </p>
+ <p>
+ If the same JavasScript code using the API can be used simultaneously in
+ different window contexts on the same device it may be possible for
+ that code to correlate the user across those two contexts, creating
+ unanticipated tracking mechanisms.
+ </p>
+ <p>
+ Browser implementations should consider providing the user an
+ indication of when the sensor is used and allowing the user to disable
+ sensing.
+ </p>
+ <p>
+ Web application developers that use this specification should perform a
+ privacy assessment of their application taking all aspects of their
+ application into consideration.
</p>
</section>
diff -r 7bca576bd37a -r 75fb0c6939c8 proximity/Overview.html
--- a/proximity/Overview.html Tue May 21 12:02:22 2013 +0300
+++ b/proximity/Overview.html Tue May 21 12:04:08 2013 +0300
@@ -391,7 +391,7 @@
</p>
<h1 class="title p-name" id="title">Proximity Events</h1>
- <h2 id="w3c-editor-s-draft-06-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-06">06 May 2013</time></h2>
+ <h2 id="w3c-editor-s-draft-21-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-21">21 May 2013</time></h2>
<dl>
<dt>This version:</dt>
@@ -418,6 +418,7 @@
<dd class="p-author h-card vcard"><span class="p-name fn">Dzung D Tran</span>, <a class="p-org org h-org h-card" href="http://intel.com/">Intel</a></dd>
+
</dl>
@@ -619,9 +620,40 @@
</p>
</section>
- <section id="security-and-privacy-considerations">
- <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2>
+ <section class="informative" id="security-and-privacy-considerations">
+ <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2><p><em>This section is non-normative.</em></p>
<p>
+ Privacy threats can arise when this specification is used in
+ combination with other functionality or when used over time,
+ specifically with the risk of correlation of data and user
+ identification through fingerprinting. Web application developers
+ using these JavaScript APIs should consider how this information might
+ be correlated with other information and the privacy risks that might
+ be created. The potential risks of collection of such data over a
+ longer period of time should also be considered.
+ </p>
+ <p>
+ Variations in implementation limits of minimum and maximum sensing
+ distance as well as event firing rates offer the possibility of
+ fingerprinting to identify users. Browser implementations may reduce
+ the risk by limiting the granularity and event rates available to web
+ application developers.
+ </p>
+ <p>
+ If the same JavasScript code using the API can be used simultaneously in
+ different window contexts on the same device it may be possible for
+ that code to correlate the user across those two contexts, creating
+ unanticipated tracking mechanisms.
+ </p>
+ <p>
+ Browser implementations should consider providing the user an
+ indication of when the sensor is used and allowing the user to disable
+ sensing.
+ </p>
+ <p>
+ Web application developers that use this specification should perform a
+ privacy assessment of their application taking all aspects of their
+ application into consideration.
</p>
</section>
Received on Tuesday, 21 May 2013 09:04:33 UTC