- From: Mats Wichmann <mats@osg.samsung.com>
- Date: Mon, 17 Aug 2015 20:32:13 -0600
- To: public-device-apis@w3.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/03/15 17:53, Nick Doty wrote: > I appreciate this being re-raised as I had only skimmed it before. > I was, similar to the authors of the paper, surprised to see the > level of detail exposed in the API. > > Are there issues in the DAP tracker regarding this issue or > potential updates to the spec? Should the Privacy Interest Group > conduct a deeper review, or is this API likely to be deprecated for > the generic sensor API? > > My concerns would be (from a very brief review): * a privacy and > security considerations that says there aren't any security > considerations is a red flag; in this case we should at least note > the very substantial concern * triggering of events on every > battery change makes it easier to identify the same user across > origins, across windows where one is private browsing or even > across browsers altogether * does the exact percentage need to be > revealed? couldn't almost all use cases be accomplished through two > booleans: `charging` and `lowBattery`? It's important to remember that local "web apps" are a consumer of all of these APIs as well. Perhaps some level of differentiation needs to start appearing. There's certainly a use case that can be made for a locally installed web app requesting finer grained information, although one could argue about whether it's a particularly valid use case. In the case of Tizen, which is my only real familiarity atm, a locally installed app has to declare a particular privilege if it uses various system information APIs (of which battery is one, a non-W3C API fwiw), which means there's a gate at install time. If the app is going to access web pages external to the device, a second privilege declaration is needed. I'm not sure the Tizen developers have thought about this issue either, with those two a malicious app could call home and reveal this level of information, and we all know how much the average user pays attention to the "this app needs access to A, B and C" before they click install (sigh). But that part of it is a different issue. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlXSmS0ACgkQwDGgkHPYVMYxFwCdERVsXmtccGm3UUN7TalFq5Pc n0QAn10FB0u0w2AiDa3CfEF6WRCnegPH =7bk8 -----END PGP SIGNATURE-----
Received on Tuesday, 18 August 2015 02:32:31 UTC