W3C home > Mailing lists > Public > public-device-apis-log@w3.org > May 2017

Re: [sensors] Add mitigation strategy for skimming attacks when focus is lost.

From: Alexander Shalamov via GitHub <sysbot+gh@w3.org>
Date: Fri, 26 May 2017 12:28:48 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-304270745-1495801727-sysbot+gh@w3.org>
> Alright. Thanks for the comment on this. These were really helpful

:) welcome, normal Chromium review process routine for us.

>Thinking about this more, it might make sense to move the whole thing completely out of operating on task sources and have a global flag set somewhere instead that Update Reading algorithm checks each time. Thoughts?

For visibility, there are visibility events / hooks that can be used (already implemented in Chromium)
For focus, it is complicated, especially when you want to check same origin for two top-level-browsing contexts.

I would propose to create 'suspend active sensors' and 'resume active sensors' algorithm that would operate on 'active sensors' set. Would be nice addition to register / un-register pair. Then, new algorithms can be invoked from focus / visibility hooks.

@tobie Do you want me to create PR for suspend / resume algorithms?

-- 
GitHub Notification of comment by alexshalamov
Please view or discuss this issue at https://github.com/w3c/sensors/pull/213#issuecomment-304270745 using your GitHub account
Received on Friday, 26 May 2017 12:28:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC