- From: Rich Tibbett via GitHub <sysbot+gh@w3.org>
- Date: Thu, 31 Jan 2019 10:55:41 +0000
- To: public-device-apis-log@w3.org
I'm exasperated by the level of cognitive dissonance in this discussion. The 3 recommendations to resolve all fingerprinting or key logging ability in this API and to prevent a breakdown of all existing web developer code are as follows: * **Obfuscation**: Add a random constant in the range [-0.05, 0.05] to all `deviceorientation` data and [-0.005, 0.005] to all `devicemotion` data. Optionally adjust that value during idle periods of inactivity for dynamic obfuscation (when e.g. the device is placed on a table). * **Quantization**: Round all sensor data to a discrete set of values. For `deviceorientation` round the data emitted to e.g. 2 decimal places. For `devicemotion` round the data emitted to e.g. 4 decimal places. * **Frequency**: Optionally, reduce sensor data frequency from 60Hz to e.g. 30Hz. Why are these solutions, that do not impact the footprint of this API, still not being seriously considered? Even if that turns out to be an interim solution it presents a more positive development of this API than the disruptive, backward-incompatible changes being considered. How would these updates not strike the correct pragmatic balance of resolving all privacy concerns while protecting access for legitimate users? If these low-impact fixes for the original reported issue continue to be ignored this is what a responsible deprecation process for established Web APIs looks like: https://developers.google.com/web/updates/2018/09/chrome-70-deps-rems#deprecation-policy Nobody has ruled out a permissions approach for this API if that is the least-worst acceptable solution. I'm just surprised that there is such little interest in progressively experimenting and fixing issues according to the recommendations of all studies in to the issues. -- GitHub Notification of comment by richtr Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/57#issuecomment-459302243 using your GitHub account
Received on Thursday, 31 January 2019 10:55:42 UTC