Re: [sensors] Addressing finger printing concerns for sensor APIs

Since @draggett raised his concern two years ago, there has been significant advancements in the Generic Sensor API with respect to security and privacy as can be seen from the extensive section. This part of the spec has received input from and has been reviewed and scrutinized by industry experts in the WG and the Chrome Security team. Also the practicality of the defined mitigation strategies have been validated by an implementation in a major browser, Chrome.

>Is there a need for hooks to allow such third party extensions to monitor API usage?

Echoing others' views, I feel this is an area for further exploration, but given its broader scope I'd prefer to see this work happen in and would encourage @draggett (or his security-minded delegate) to raise this topic in WICG for further discussion. I feel such hooks would need to be retrofittable and as such we could add them to the Generic Sensor API at a later stage similarly as to other privacy-sensitive APIs on the platform, Geolocation API et al.

That said, I'd be inclined to close this issue, and move the follow-up discussion to WICG.

GitHub Notification of comment by anssiko
Please view or discuss this issue at using your GitHub account

Received on Thursday, 7 September 2017 07:49:21 UTC