- From: pes via GitHub <sysbot+gh@w3.org>
- Date: Sat, 26 Oct 2019 22:22:36 +0000
- To: public-device-apis-log@w3.org
@anssiko thanks for the follow up! A couple of notes: 1) re the `requestPermission()` update, i see your point that it seems to address the attack. I will follow up with the paper authors and see if they agree / have away of carrying out the attack otherwise and report back here. 2) re: Making the security and privacy considerations mandatory, i think this is a great first step, but two remaining concerns: - I suggest adding a 4th MUST condition: "fire events after the first-party context has received a user gesture" - In general its rare to have mandatory material in these areas of specs; is it possible to move the same content elsewhere (e.g. into the algorithm descriptions), or at least call to these mandatory privacy requirements in the algorithm descriptions? -- GitHub Notification of comment by snyderp Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/85#issuecomment-546644374 using your GitHub account
Received on Saturday, 26 October 2019 22:22:37 UTC