W3C home > Mailing lists > Public > public-device-apis-log@w3.org > November 2019

Re: [sensors] Spec should include mandatory mitigations for privacy harms / risks (#397)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Nov 2019 14:42:25 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-559115499-1574865743-sysbot+gh@w3.org>
>Permission Request is a WICG report, not yet adopted by a Working Group. Not sure how the dependency is important here since it's not referenced by Generic Sensors, nor is it used in the [Permission] definition referenced by Generic Sensors.

It is indirectly relevant. [PERMISSIONS-REQUEST] complements [PERMISSIONS] with an API to programmatically request permissions. The above-mentioned proposal https://github.com/w3c/sensors/issues/397#issuecomment-559073025 adds a new privacy protection to [PERMISSIONS-REQUEST] to mitigate an attack known as first person bounce tracking. By adding this privacy protection to this API, also [other potential consumers](https://w3c.github.io/permissions/#permission-registry) of this programmatic request facility get the same privacy protection.

It is not a normative dependency on the Generic Sensor API since implementers can choose to implement the Generic Sensor API with [PERMISSIONS] but without [PERMISSIONS-REQUEST]. This is what Chrome ships today, but we heard Chrome is planning to also implement [PERMISSIONS-REQUEST] so we felt getting this mitigation in would be important.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/sensors/issues/397#issuecomment-559115499 using your GitHub account
Received on Wednesday, 27 November 2019 14:42:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:34:29 UTC