Re: [ambient-light] RFC: Mandate that illuminance readings be rounded; require threshold value check. (#77)

Thank you. We discussed the proposed mitigations in the PING call today. As a result of that conversation we have a couple of follow-up questions:
* Could you clarify for us why the WG chose a 50lx threshold?
* Also, notwithstanding the mitigations, is there still a fingerprinting risk (albeit a reduced risk)? More specifically, to what extent does reducing to a 50lx threshold (or any threshold) prevent fingerprinting on the basis of opening up the capacity to track a user through typical behavior patterns?

And, a more general privacy question (not related to reducing granularity), how does the specification prevent or protect against cross-device tracking (e.g. the light equivalent of ultrasonic beacons)?

More specifically, we have received these observations and comments:
* Even bucketing by 50 lux still seems to expose a lot of fingerprinting surface (>= 4 bits given the range here), which doesn’t seem acceptable.
* Bucketing doesn’t seem to address the “ephemeral fingerprinting” concern.
* This API seems like an extremely infrequently needed feature (as evidenced by most browsers not being interested in implementing); so, why not put it behind a permission prompt?
* This seems to be easily exploitable as a covert channel (write to the channel by changing the brightness of the content on the page, read from the channel through the brightness sensor). The spec needs to address this (e.g. through a permission prompt).

-- 
GitHub Notification of comment by sandandsnow
Please view or discuss this issue at https://github.com/w3c/ambient-light/pull/77#issuecomment-1049082761 using your GitHub account


Received on Wednesday, 23 February 2022 18:27:38 UTC