- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 5 Jan 2010 17:39:28 +0100
- To: Max Froumentin <maxfro@opera.com>
- Cc: Thomas Roessler <tlr@w3.org>, "public-device-apis@w3.org" <public-device-apis@w3.org>
A high-level comment first: Mapping the network environment with lots of detail opens the door for at least two sensitive effects. 1. Providing information that's equivalent to locating the user. The "MAC address of the router" piece goes into this direction, as does the ESSID, as does information about the relative strength of GSM and UMTS and Wifi signals, when combined. The specification needs privacy considerations that spell this out; information that turns out to be location-equivalent needs a user interaction akin to the location one. 2. Mapping a network in detail (e.g., learning device manufacturers through MAC addresses) can make attacks much easier. Now, I'm not advocating security through obscurity (and yes, perimeters are dead anyway), but we should keep in mind the side effects of this work, and keep the network mapping API to what we have concrete use cases for. On a more detailed level: - What's the use case for enumerating all IP addresses that a multihomed device might have, *from* *a* *Web* *application*? - What's the use case for the signal strength? (There's some location fun to be had with signal strength from several access points or network devices; therefore, this information contributes is a piece of the location-related puzzle.) - What does the "encrypted" attribute mean? Do we count weak crypto (e.g., current GSM ciphers or WEP)? Do we count link-level encryption to some network intermediary only, or other things? Objection! Regards, -- Thomas Roessler, W3C <tlr@w3.org> On 18 Dec 2009, at 13:27, Max Froumentin wrote: > Hi WG, > As promised on Wednesday, I'm submitting a SysInfo draft for review. It is at: http://dev.w3.org/2009/dap/system-info/ > > Max. > >
Received on Tuesday, 5 January 2010 16:39:30 UTC