Re: [sensors] Should we request permission when sensor is not supported by the platform? from Owen Campbell-Moore via GitHub on 2016-11-22 (public-device-apis-log@w3.org from November 2016)

From: Owen Campbell-Moore via GitHub <sysbot+gh@w3.org>
Date: Tue, 22 Nov 2016 01:42:15 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-262123194-1479778934-sysbot+gh@w3.org>

Context: I helped determine Chrome's internal guide on when to apply 
permissions to APIs, but I am not on the security team and thus am not
 the ultimate decision maker.

Disclaimer: I don't have full context here and may be missing 
something, but regardless, here are some general thoughts:

- A single bit of "fingerprinting" surface isn't a meaningful vector 
of attack, given the already huge surface area. Low amounts of 
fingerprinting surface are not justification for adding permissions 
IMHO
- Permissions are an extremely heavy hammer and will significantly 
reduce usage and developer adoption, and thus we should consider them 
very carefully.

-- 
GitHub Notification of comment by owencm
Please view or discuss this issue at 
https://github.com/w3c/sensors/issues/145#issuecomment-262123194 using
 your GitHub account

Received on Tuesday, 22 November 2016 01:42:22 UTC