Re: [sensors] Add mitigation strategy for skimming attacks when focus is lost.

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Fri, 26 May 2017 12:34:31 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-304271792-1495802069-sysbot+gh@w3.org>

> For visibility, there are visibility events / hooks that can be used (already implemented in Chromium)
> For focus, it is complicated, especially when you want to check same origin for two top-level-browsing contexts.

Agreed. We can still spec it, even if it's not implementable as of now, as it seems like a desirable security feature.

> I would propose to create 'suspend active sensors' and 'resume active sensors' algorithms that would operate on the 'active sensors' set. Would be a nice addition to the register / un-register pair. Then, the new algorithms can be invoked from focus / visibility hooks.

So the underlying question is whether we want to add a fourth, "suspended", sensor state, or just leave them as activated and prevent them from firing stuff.

> @tobie Do you want me to create a PR for suspend / resume algorithms?

That's sweet of you, but I'd rather just bake that in the existing PR on the topic.

GitHub Notification of comment by tobie
Please view or discuss this issue at https://github.com/w3c/sensors/pull/213#issuecomment-304271792 using your GitHub account
Received on Friday, 26 May 2017 12:34:37 UTC
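
An added illustration, not part of the original message or of the Generic Sensor specification: a JavaScript model of a 'suspend active sensors' / 'resume active sensors' pair operating on an 'active sensors' set, comparing the two options raised in the thread (a fourth "suspended" state versus staying activated and withholding readings). All class, method and state names are hypothetical, and the visibility / focus hook is simulated by direct calls.

```javascript
// Added illustration, not spec text; every name here is hypothetical.
class ModelSensor {
  constructor(name) {
    this.name = name;
    this.state = "idle";   // option A adds a fourth value, "suspended"
    this.delivered = [];   // readings that reached script
  }
}

class ActiveSensors {
  // useSuspendedState = true:  option A, a script-visible "suspended" state.
  // useSuspendedState = false: option B, stay "activated" and withhold readings.
  constructor(useSuspendedState) {
    this.useSuspendedState = useSuspendedState;
    this.set = new Set();  // the 'active sensors' set
    this.gated = false;    // true while the page is hidden or unfocused
  }
  stateFor(gated) {
    return gated && this.useSuspendedState ? "suspended" : "activated";
  }
  register(sensor) { sensor.state = this.stateFor(this.gated); this.set.add(sensor); }
  unregister(sensor) { sensor.state = "idle"; this.set.delete(sensor); }
  suspendActiveSensors() { this.setGate(true); }
  resumeActiveSensors() { this.setGate(false); }
  setGate(gated) {
    this.gated = gated;
    for (const s of this.set) s.state = this.stateFor(gated);
  }
  // Modelled platform callback for each new hardware reading.
  onReading(value) {
    if (this.gated) return 0;  // nothing reaches script while gated
    for (const s of this.set) s.delivered.push(value);
    return this.set.size;
  }
}

// Constructed scenario: reading 1 while visible, 2 while hidden, 3 after return.
function runScenario(useSuspendedState) {
  const active = new ActiveSensors(useSuspendedState);
  const accel = new ModelSensor("accelerometer");
  active.register(accel);
  active.onReading(1);
  active.suspendActiveSensors();  // would be invoked from a visibility / focus hook
  const stateWhileHidden = accel.state;
  active.onReading(2);
  active.resumeActiveSensors();
  active.onReading(3);
  return { stateWhileHidden, delivered: accel.delivered, finalState: accel.state };
}
```

In this model both options withhold the same reading; they differ only in whether script can observe the suspension through the sensor's state.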