Re: [ambient-light] Security and Privacy considerations for ALS (#13)

>What are the blockers for getting the Ambient Light Sensor data made available for everyone?

It is at each browser's discretion when and whether to ship by default. The spec itself is ready for implementation: it has passed [wide review](https://github.com/w3c/sensors/issues/299) and reached feature completeness (aka Candidate Rec), although some new features are being proposed (below).

To help browsers make a shipping decision at this point, the community can help:
- demonstrate there are valuable [use cases](https://w3c.github.io/ambient-light/#usecases-requirements) and demand;
- demonstrate [security and privacy considerations](https://w3c.github.io/ambient-light/#security-and-privacy) are addressed.

You just helped with the former. For the latter, the spec recommends implementations to limit maximum sampling frequency and reduce accuracy of sensor readings. As of now, frequency cap and reading accuracy are implementation details given different implementers might have different preferences. For example, [Chromium project's earlier thinking](https://docs.google.com/document/d/1XThujZ2VJm0z0Gon1zbFkYhYo6K8nMxJjxNJ3wk9KHo/edit) was to cap ALS at 10 Hz with a 4-bit resolution limit -- this may have changed since.

Additional mitigation that has been proposed recently is to add an [API for requesting permission](https://github.com/w3c/sensors/issues/388) to the generic sensor framework also ALS would inherit.

@Joe-Palmer, thanks for the use case. I hope this clarifies the current status.

@riju will be looking at this issues from the Chromium implementation perspective. You can follow https://crbug.com/606766 for implementation updates.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/ambient-light/issues/13#issuecomment-499067438 using your GitHub account

Received on Wednesday, 5 June 2019 12:45:36 UTC