W3C home > Mailing lists > Public > public-device-apis-log@w3.org > May 2017

Re: [sensors] First pass at adding sensor-specific mitigation strategies.

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Mon, 08 May 2017 13:52:45 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-299872798-1494251564-sysbot+gh@w3.org>
[Mobile Device Identification via Sensor Fingerprinting](https://crypto.stanford.edu/gyrophone/sensor_id.pdf) also suggest the following mitigation strategy against fingerprinting. Thoughts?

> Device identification via sensor fingerprinting has benign
as well as malicious uses. In the context of privacy violation
for example, it is worth considering the possible
methods for mitigating this threat to mobile users.
For any particular sensor, the feasibility of fingerprinting
can be practically eliminated by calibrating the sensor at
the time of manufacturing. A different, software-only
approach can be to add a random value to the sensor
output at the OS level. This value can remain constant
during continuous use of the device, allowing software
such as mobile games to calibrate the sensor if needed.
During periods of long inactivity, the random value can
change—which would invalidate any device fingerprint
that may have been collected already.

-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at https://github.com/w3c/sensors/pull/191#issuecomment-299872798 using your GitHub account
Received on Monday, 8 May 2017 13:52:52 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC