- From: Lukasz Olejnik via GitHub <sysbot+gh@w3.org>
- Date: Wed, 31 Aug 2016 13:21:43 +0000
- To: public-device-apis-log@w3.org
lknik has just created a new issue for https://github.com/w3c/ambient-light:

== Security and Privacy considerations for ALS ==

I would suggest updating security/privacy considerations with the following:

> Ambient Light Sensor API provides information about lighting conditions near the device environment. There are several potential privacy risks related to exposing this information on the web.
>
> - Information leaks about the user’s surroundings and work habits.
> - Profiling. Readout from Ambient Light Sensor can potentially induce information leaks about the user’s interests, web use and work habits, as well as the user’s surroundings. This information might be used to enhance the user profiling and behavioral analysis.
> - Cross-device linking and tracking. Access to sufficiently precise readouts of Ambient Light sensors potentially enhances cross-device linking techniques. Such a situation may arise if two different devices access web sites including the same third-party scripts that compare lighting levels over time.
> - Cross-device communication. Verbose readout of Ambient Light Sensor could be applied to receive messages emitted by other devices in a nearby location. A simple messaging method could arise by multiple devices flashing their screens or camera LEDs and reading out responses with Ambient Light Sensors.
>
> The user agent SHOULD expose minimized lighting levels.
>
> A verbose, high-resolution readout from the API SHOULD be subject to permissions.
>
> The user agent SHOULD inform the user about the current and past uses of the API.

Please view or discuss this issue at https://github.com/w3c/ambient-light/issues/13 using your GitHub account
Received on Wednesday, 31 August 2016 13:21:51 UTC