W3C home > Mailing lists > Public > public-device-apis-log@w3.org > October 2019

Re: [deviceorientation] Move fingerprintable APIs behind permissions (#85)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Fri, 25 Oct 2019 06:22:09 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-546218856-1571984528-sysbot+gh@w3.org>
@snyderp thanks for bringing this paper to the group's attention.

Since the paper was published, the group has done a number of privacy enhancements to the spec that I believe addressed the issue.

To summarize:

* In #68 the spec has added a static `requestPermission()` operation to [`DeviceMotionEvent`](https://w3c.github.io/deviceorientation/#dom-devicemotionevent-requestpermission) and [`DeviceOrientationEvent`](https://w3c.github.io/deviceorientation/#dom-deviceorientationevent-requestpermission), specified `requestPermission()` related algorithms in detail, and added a [permission model](https://w3c.github.io/deviceorientation/#id=permission-model) section.
* In #59 the group clarified the [security and privacy considerations](https://w3c.github.io/deviceorientation/#security-and-privacy) section and made its assertions normative.

Further implementation experience is being gathered for the permission model and specification clarifications informed by this experience are being discussed in GitHub issue #74.

Please review the [latest spec](https://w3c.github.io/deviceorientation/) and let us know of any further changes you think are required to mitigate the identified vector adequately.

GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/85#issuecomment-546218856 using your GitHub account
Received on Friday, 25 October 2019 06:22:10 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:57 UTC