- From: Lukasz Olejnik via GitHub <sysbot+gh@w3.org>
- Date: Fri, 11 Feb 2022 09:40:08 +0000
- To: public-device-apis-log@w3.org
Hello, Thanks for not limiting to the frequency reduction which was not the central culprit of some [past risks](https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/). I'm happy this gets formalised and I agree that this minimises the risks of such known attacks. Minimises, as it isn't clear if we're aware of the full risk potential. That said, this change helps, and likely fixes the most "reasonable" scenarios imaginable. I agree that "50 lx" is quite a strong limitation, unless for really specific circumstances (can't be ruled out but probably atypical anyway). Another approach could involve further reduction and possibly going from quantitative lux readout to qualitative description such as "bright", "dark", "very dark", etc. -- GitHub Notification of comment by lknik Please view or discuss this issue at https://github.com/w3c/ambient-light/pull/77#issuecomment-1036025563 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 11 February 2022 09:40:10 UTC