W3C home > Mailing lists > Public > public-device-apis-log@w3.org > August 2017

Re: [ambient-light] Security and Privacy considerations for ALS

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Sun, 27 Aug 2017 06:02:34 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-325179063-1503813746-sysbot+gh@w3.org>
I think an even more explicit text in this case would be warranted that mentions attack vectors that are detecting visited links and stealing cross-origin resources by reading light emitted by each pixel separately. You could make your proposal sound more explicit by noting these details. Would you mind providing us an updated proposed text? Otherwise, I'll propose something myself.

Consider your extra bullet in the context of the current text to avoid redundancy:

https://w3c.github.io/ambient-light/#security-and-privacy


This would allow implementers to know exactly what they need to mitigate against. I feel the current proposal is too abstract.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/ambient-light/issues/13#issuecomment-325179063 using your GitHub account
Received on Sunday, 27 August 2017 06:02:31 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC