W3C home > Mailing lists > Public > public-device-apis-log@w3.org > November 2019

Re: [sensors] Spec should include mandatory mitigations for privacy harms / risks (#397)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Mon, 25 Nov 2019 21:02:07 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-558338394-1574715726-sysbot+gh@w3.org>
@snyderp do you actually mean https://html.spec.whatwg.org/multipage/interaction.html#triggered-by-user-activation when you say user gesture? There was possible confusion over terminology.

If so, triggered by user activation requirement would fit in the Permissions API `request()` https://wicg.github.io/permissions-request/#dom-permissions-request and in the Generic Sensor API `start()` https://w3c.github.io/sensors/#sensor-start

5.6 https://w3c.github.io/sensors/#can-expose-sensor-readings is invoked on each sensor reading, so requiring every reading to be triggered by user activation does not provide a reasonable UX. One click, one reading, while some use cases would need possibly 60 readings per second.

I think this ask would be satisfied reasonably if https://html.spec.whatwg.org/multipage/interaction.html#triggered-by-user-activation would be added to https://w3c.github.io/sensors/#sensor-start as a condition for success.

@reillyeon would Chrome be supportive of this change?

All - any other concerns or issues with this proposal?

(Related issue and WG decision at https://github.com/w3c/sensors/issues/388 where the group decided not to add a method similar to https://w3c.github.io/deviceorientation/#dom-deviceorientationevent-requestpermission to the Generic Sensor API.)

GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/sensors/issues/397#issuecomment-558338394 using your GitHub account
Received on Monday, 25 November 2019 21:02:09 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:57 UTC