Re: [sensors] Add mitigation strategy for skimming attacks when focus is lost.

> Alright. Thanks for the comment on this. These were really helpful

:) welcome, normal Chromium review process routine for us.

>Thinking about this more, it might make sense to move the whole thing completely out of operating on task sources and have a global flag set somewhere instead that Update Reading algorithm checks each time. Thoughts?

For visibility, there are visibility events / hooks that can be used (already implemented in Chromium)
For focus, it is complicated, especially when you want to check same origin for two top-level-browsing contexts.

I would propose to create 'suspend active sensors' and 'resume active sensors' algorithm that would operate on 'active sensors' set. Would be nice addition to register / un-register pair. Then, new algorithms can be invoked from focus / visibility hooks.

@tobie Do you want me to create PR for suspend / resume algorithms?

-- 
GitHub Notification of comment by alexshalamov
Please view or discuss this issue at https://github.com/w3c/sensors/pull/213#issuecomment-304270745 using your GitHub account

Received on Friday, 26 May 2017 12:28:55 UTC