[ambient-light] Security and Privacy considerations for ALS

lknik has just created a new issue for 

== Security and Privacy considerations for ALS ==
I would suggest updating security/privacy considerations with the 

> Ambient Light Sensor API provides information about lighting 
conditions near the device environment. There are several potential 
privacy risks related with exposing this information on the web.
> - Information leaks about the user’s surrounding and work habits.
> - Profiling. Readout from  Ambient Light Sensor can potentially 
induce information leaks about the user’s interests, web use and work 
habits, as well as the users’ surrounding. This information might be 
used to enhance the user profiling and behavioral analysis.
> - Cross-device linking and tracking. Access to sufficiently precise 
readouts of Ambient Light sensors potentially enhance cross-device 
linking techniques. Such situation may arise if two different devices 
access web sites including same third-party scripts that compare 
lighting levels over time. 
> - Cross-device communication. Verbose readout of Ambient Light 
Sensor could be applied to receive messages emitted by other devices 
in nearby location. A simple messaging method could arise by multiple 
devices flashing their screens or camera LEDs and reading out 
responses with Ambient Light Sensors
> The user agent SHOULD expose minimized lighting levels. 
> A verbose, high-resolution readout from the API SHOULD be subject to
> The user agent SHOULD inform the user about the current and past 
uses of the API.

Please view or discuss this issue at 
https://github.com/w3c/ambient-light/issues/13 using your GitHub 

Received on Wednesday, 31 August 2016 13:21:51 UTC