W3C home > Mailing lists > Public > public-device-apis-log@w3.org > October 2019

Re: [deviceorientation] Move fingerprintable APIs behind permissions (#85)

From: pes via GitHub <sysbot+gh@w3.org>
Date: Sat, 26 Oct 2019 22:22:36 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-546644374-1572128555-sysbot+gh@w3.org>
@anssiko thanks for the follow up!  A couple of notes:

1) re the `requestPermission()` update, i see your point that it seems to address the attack.  I will follow up with the paper authors and see if they agree / have away of carrying out the attack otherwise and report back here.

2) re: Making the security and privacy considerations mandatory, i think this is a great first step, but two remaining concerns:
 - I suggest adding a 4th MUST condition: "fire events after the first-party context has received a user gesture"
 - In general its rare to have mandatory material in these areas of specs; is it possible to move the same content elsewhere (e.g. into the algorithm descriptions), or at least call to these mandatory privacy requirements in the algorithm descriptions?

GitHub Notification of comment by snyderp
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/85#issuecomment-546644374 using your GitHub account
Received on Saturday, 26 October 2019 22:22:37 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:57 UTC