Re: [sensors] Add mitigation strategy for skimming attacks when focus is lost.

> For visibility, there are visibility events / hooks that can be used (already implemented in Chromium)
> For focus, it is complicated, especially when you want to check same origin for two top-level-browsing contexts.

Agreed. We can still spec it, even if it's not implementable as of now, as it seems like a desirable security feature.

> I would propose to create 'suspend active sensors' and 'resume active sensors' algorithm that would operate on 'active sensors' set. Would be nice addition to register / un-register pair. Then, new algorithms can be invoked from focus / visibility hooks.

So the underlying question is whether we want to add a fourth, "suspended", sensor state, or just leave them as activated and prevent them from firing stuff.

> @tobie Do you want me to create PR for suspend / resume algorithms?

That's sweet of you, but I'd rather just bake that in the existing PR on the topic.

-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at https://github.com/w3c/sensors/pull/213#issuecomment-304271792 using your GitHub account

Received on Friday, 26 May 2017 12:34:37 UTC
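
The two options weighed in the comment above, sketched as an added example that is not part of the comment or of the w3c/sensors spec text: a toy model of 'suspend active sensors' / 'resume active sensors' operating on the 'active sensors' set, once with an explicit "suspended" state and once leaving sensors activated and withholding readings. The class, method and state names are assumptions made for illustration.

```javascript
// Toy model only; SensorRegistry, deliver() and the state strings are hypothetical names.
class SensorRegistry {
  constructor({ useSuspendedState }) {
    this.useSuspendedState = useSuspendedState; // option A: explicit extra state
    this.active = new Set();                    // the 'active sensors' set
    this.gated = false;                         // option B: stay activated, drop readings
  }
  register(sensor) { sensor.state = "activated"; this.active.add(sensor); }
  unregister(sensor) { sensor.state = "idle"; this.active.delete(sensor); }

  // Called from the focus / visibility hooks when the page is hidden or loses focus.
  suspendActiveSensors() {
    if (this.useSuspendedState) {
      for (const s of this.active) s.state = "suspended";
    } else {
      this.gated = true;
    }
  }
  // Called from the same hooks when the page is visible and focused again.
  resumeActiveSensors() {
    if (this.useSuspendedState) {
      for (const s of this.active) if (s.state === "suspended") s.state = "activated";
    } else {
      this.gated = false;
    }
  }
  // The platform pushes a reading; returns true only if it reached page script.
  deliver(sensor, reading) {
    if (!this.active.has(sensor)) return false;
    if (this.gated || sensor.state !== "activated") return false;
    sensor.readings.push(reading);
    return true;
  }
}

// Constructed scenario: one reading while visible, one while hidden, one after resume.
function simulate(useSuspendedState) {
  const reg = new SensorRegistry({ useSuspendedState });
  const accel = { state: "idle", readings: [] };
  reg.register(accel);
  const delivered = [reg.deliver(accel, 1)];
  reg.suspendActiveSensors();
  const stateWhileHidden = accel.state;
  delivered.push(reg.deliver(accel, 2)); // must not reach script
  reg.resumeActiveSensors();
  delivered.push(reg.deliver(accel, 3));
  return { delivered, stateWhileHidden, readings: accel.readings };
}
```

Both variants withhold the same reading; the only difference script can observe is the state the sensor reports while the page is hidden.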