- From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Sep 2017 14:10:36 +0000
- To: public-device-apis-log@w3.org
I feel we should make https://w3c.github.io/sensors/#security-and-privacy as concise and actionable as possible to make it useful for implementers. Said differently, I'd like to avoid turning that section into an elaborate and ambiguous kitchen sink of unknowns. The risk of SOP violations is indeed a key concrete thing to flag out there. Re the proposed text. The S&P section contains the following text already: >A combination of selected sensors can potentially be used to form an out of band communication channel between devices. >Sensors can potentially be used in cross-device linking and tracking of a user. There's redundancy with the proposed text, so it would need some rewording to better fit the overall flow. The SOP violations should be caught latest in https://w3ctag.github.io/security-questionnaire/#sop-violations, but since authors should consider this up front adding some links to https://w3c.github.io/sensors/#security would be a good thing to make concrete spec authors aware of threats, mitigations they inherit from the Generic Sensor API, and mitigations they need to consider on a case by case basis. -- GitHub Notification of comment by anssiko Please view or discuss this issue at https://github.com/w3c/sensors/issues/193#issuecomment-330551757 using your GitHub account
Received on Tuesday, 19 September 2017 14:10:30 UTC