W3C home > Mailing lists > Public > public-device-apis@w3.org > January 2014

RE: Network Information API

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Mon, 13 Jan 2014 07:00:17 +0000
To: "'Nicholas Doty'" <npdoty@w3.org>
CC: Josh Soref <jsoref@blackberry.com>, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, DAP <public-device-apis@w3.org>
Message-ID: <59A39E87EA9F964A836299497B686C35111483B7@WABOTH9MSGUSR8D.ITServices.sbc.com>
> (Nick wrote)
>> I think there's a privacy concern in using the pattern of fired events, too. If we expect background access to these events (because your podcast web app needs to know whether it should stop downloading into localStorage or not), simultaneously firing an event across frames/tabs/windows allows for potentially unexpected correlation across different browsing contexts.
> 
> <bryan> Background (meaning any browser/window/tab not in the foreground) access to the events is desired. Many always-on app use cases will depend upon background operation, and these are many of the same (e.g. feed readers, email, SocNet) that would benefit from network-event-driven sync. But I don't know what you mean/imply by "simultaneously firing an event across frames/tabs/windows allows for potentially unexpected correlation across different browsing contexts". Can you explain this further, and associate it so some real/prevalent privacy attack? Such info would be good to capture on the wiki, if it ends up influencing the design of the API. 

(Nick wrote)
> I believe the concern is that the user may not expect that, for example, an iframe embedded in multiple different windows, can determine that it's the same user in those different browsing/application contexts. If I'm logged in to my social media accounts in one browser window and simultaneously have a private browsing window open which I'm using to research a medical issue, I would be unpleasantly surprised if my social media account is associated with my private browsing because my network adapter changed.

<bryan> Still not getting the issue. Can you explain further how a network adapter change (I guess you mean that there was a connection established on a different interface), even if fired as an event to distinct windows, can cause a correlation issue between those windows? How would the iframes determine that it's the same user, and correlate that info with info about their parent windows?
Received on Monday, 13 January 2014 07:01:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:33:03 UTC