Re: [sensors] Add mitigation strategy for skimming attacks when focus is lost.

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Fri, 26 May 2017 12:34:31 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-304271792-1495802069-sysbot+gh@w3.org>

> For visibility, there are visibility events / hooks that can be used (already implemented in Chromium)
> For focus, it is complicated, especially when you want to check same origin for two top-level-browsing contexts.

Agreed. We can still spec it, even if it's not implementable for now, as it seems like a desirable security feature.

> I would propose to create 'suspend active sensors' and 'resume active sensors' algorithm that would operate on 'active sensors' set. Would be nice addition to register / un-register pair. Then, new algorithms can be invoked from focus / visibility hooks.

So the underlying question is whether we want to add a fourth, "suspended", sensor state, or just leave them as activated and prevent them from firing stuff.

> @tobie Do you want me to create PR for suspend / resume algorithms?

That's sweet of you, but I'd rather just bake that in the existing PR on the topic.

-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at https://github.com/w3c/sensors/pull/213#issuecomment-304271792 using your GitHub account
Received on Friday, 26 May 2017 12:34:37 UTC
