- From: Tobie Langel via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Apr 2017 12:52:35 +0000
- To: public-device-apis-log@w3.org
> If we design powerful APIs first, without use-cases, we will achieve parity with native: privacy- and security-vulnerability parity. That is how legacy platforms were designed, and that's what we need to get away from (especially in this world where drive-by, ephemeral mobile code is a key feature). > > A key security and privacy question has been, how much precision and frequency do we need in these samples? And we can't answer those questions without use-cases. For ALS, the YouTube and Reader use-cases (which are essentially the same) are already served by the CSS Light Level API. If we want to go beyond that, we need use cases that go beyond that. You have a point. For ALS, I agree we don't seem to have use cases that require anything beyond the granularity of the CSS Light Level API (which, btw, has been [deferred to level 5](https://github.com/w3c/csswg-drafts/blob/de06a7b0f9b58b6ca79f3a36253bd8c569458973/mediaqueries/deferred-for-level-5.txt#L17-L97) of the media query spec for now). I've only looked at ALS as a testbed for the generic sensor API, so maybe @dougt or @anssiko have more info wrt to use-cases. Cursory search in the group's archive didn't yield much in terms of use cases that would require higher granularity. That said, we _have_ such use cases for sensors beyond ALS, notably motion sensors. The use cases for motion sensors require high precision and high frequency (120Hz and beyond). Furthermore, as the data is often integrated, mitigating privacy concerns by adding noise to the data samples (or even to their timestamps) isn't really an option as its effect would be exponential. Hence we have to solve this issue for motion sensors. Once we do, we might find this solution applies just as well to ALS, or instead ditch ALS altogether for now in favor of a mediaquery-inspired LightLevelSensor. As a sidenote, your comment about drive-by seems particularly intriguing wrt low-level and/or high-frequency sensors. Has limiting access based on PWA installed status been considered for sensors? Iirc that's been done for push notifications, no? -- GitHub Notification of comment by tobie Please view or discuss this issue at https://github.com/w3c/ambient-light/issues/23#issuecomment-295726399 using your GitHub account
Received on Thursday, 20 April 2017 12:52:42 UTC