@anssiko thanks for the follow up! A couple of notes: 1) re the `requestPermission()` update, i see your point that it seems to address the attack. I will follow up with the paper authors and see if they agree / have away of carrying out the attack otherwise and report back here. 2) re: Making the security and privacy considerations mandatory, i think this is a great first step, but two remaining concerns: - I suggest adding a 4th MUST condition: "fire events after the first-party context has received a user gesture" - In general its rare to have mandatory material in these areas of specs; is it possible to move the same content elsewhere (e.g. into the algorithm descriptions), or at least call to these mandatory privacy requirements in the algorithm descriptions? -- GitHub Notification of comment by snyderp Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/85#issuecomment-546644374 using your GitHub accountReceived on Saturday, 26 October 2019 22:22:37 UTC
This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:57 UTC