W3C home > Mailing lists > Public > public-device-apis-log@w3.org > September 2017

Re: [sensors] Addressing finger printing concerns for sensor APIs

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Sep 2017 07:49:21 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-327718221-1504770551-sysbot+gh@w3.org>
Since @draggett raised his concern two years ago, there has been significant advancements in the Generic Sensor API with respect to security and privacy as can be seen from the extensive https://w3c.github.io/sensors/#security-and-privacy section. This part of the spec has received input from and has been reviewed and scrutinized by industry experts in the WG and the Chrome Security team. Also the practicality of the defined mitigation strategies have been validated by an implementation in a major browser, Chrome.

>Is there a need for hooks to allow such third party extensions to monitor API usage?

Echoing others' views, I feel this is an area for further exploration, but given its broader scope I'd prefer to see this work happen in https://wicg.io/ and would encourage @draggett (or his security-minded delegate) to raise this topic in WICG for further discussion. I feel such hooks would need to be retrofittable and as such we could add them to the Generic Sensor API at a later stage similarly as to other privacy-sensitive APIs on the platform, Geolocation API et al.

That said, I'd be inclined to close this issue, and move the follow-up discussion to WICG.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/sensors/issues/69#issuecomment-327718221 using your GitHub account
Received on Thursday, 7 September 2017 07:49:21 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:54 UTC