- From: Tobie Langel via GitHub <sysbot+gh@w3.org>
- Date: Thu, 13 Apr 2017 10:41:03 +0000
- To: public-device-apis-log@w3.org
Adding my comment here made directly in the Chrome's design doc: One of the key points of the generic sensor API is to expose low-level primitives so that (1) the Web platform can compete with native, and (2) developers have the tools to explore new use cases without requiring implementors to implement and deploy specific APIs for each new use case (as per the Extensible Web Manifesto). Of course, low-level primitives have added security and privacy concerns compared to higher-level APIs, which is why it makes sense to beef-up their permissions. If/when specific use cases emerge that could benefit from higher-level APIs and which could lessen the security concerns, it makes sense to add such APIs and entice developers to use them by making them available with "lighter" permissions. For example, the Youtube use case mentioned above could be handled by a dedicated LightLevel API, with two to three enum values (e.g. the lightlevel mediaquery inspired "dim", "normal", and "washed" values), with a frequency below 1Hz, whose permission would be granted by default, whereas ALS would require a prompt of some kind. Similarly, motion-sensors have high security/privacy issues, while a "device shaked" sensors (that would literally emit a new event everytime the device is shaked, similar to undo on iPhones) has much lower security concerns and could probably be offered with super low permissions. So to answer the larger question, we need to consider these sensors as tools for bleeding-edge use cases, and know that spec-editors and implementors will be paving the cowpath as common use-cases emerge. Such low-level access comes with a cost for developers: higher scrutiny (from both UA and users). For example, they could be limited to bookmarked/installed apps, origins with EV certs, or other, vendor-specific heuristics. So imho, don't worry about making these high-security risk sensors harder to access. That's part of the deal. -- GitHub Notification of comment by tobie Please view or discuss this issue at https://github.com/w3c/ambient-light/issues/23#issuecomment-293854905 using your GitHub account
Received on Thursday, 13 April 2017 10:41:18 UTC