W3C home > Mailing lists > Public > public-device-apis-log@w3.org > December 2018

Re: [deviceorientation] Add API for requesting permission to receive device motion / orientation events (#57)

From: Rich Tibbett via GitHub <sysbot+gh@w3.org>
Date: Wed, 19 Dec 2018 09:24:52 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-448526888-1545211491-sysbot+gh@w3.org>
@reillyeon If we must add permissions to this API then your approach seems like a least disruptive way to do that - progressively reducing the data available (assuming (2) continues to be available by default without permissions). We could also add a relevant console warning message during this process informing developers of the planned change to access in future releases.

What the research in https://arxiv.org/pdf/1605.08763.pdf suggests is that a combination of reducing the frequency of events + sensor obfuscation + sensor quantization would be enough to significantly fix security and privacy concerns in this thread without significantly disrupting web app UI and UX for legitimate actors. Permission dialogs or any changes that disrupt a user's flow while using a web app should be considered as a last resort (when all you have is a hammer...).

There is going to be a disruptive impact of adding permission requirements for sensor events on the nascent web VR/AR/360 ecosystem. e.g. Developers will need to start wrapping their calls for sensor events within user-gesture events IIUC. It is unclear if or how permission requests would display if called from within e.g. iframes (with e.g. correct `allow` attributes cross-origin).

Anything we can do to reduce the impact of blocked requests and disrupted UI/UX experiences within this ecosystem - gradually introducing such disruptive changes only if all other techniques have been tried and deemed unsatisfactory after further studies, making developers aware of these updates via e.g. `console.warn` before they land and not just landing these changes one day in mainline browsers without letting existing API consumers adapt - would be very welcome here.

GitHub Notification of comment by richtr
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/57#issuecomment-448526888 using your GitHub account
Received on Wednesday, 19 December 2018 09:24:54 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:56 UTC