- From: Kostiainen, Anssi <anssi.kostiainen@intel.com>
- Date: Fri, 12 Feb 2016 09:27:04 +0000
- To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>
- CC: W3C Device APIs WG <public-device-apis@w3.org>, Frederick Hirsch <w3c@fjhirsch.com>
> On 12 Feb 2016, at 11:16, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> wrote: > > Apologies for the delay. > > Vibration standard currently has no privacy considerations. And even if on its own it may not exhibit issues here, it is known that in in conjunction with other sources this is not so easy to ascertain. > > For example, causing vibration of a device and reading the output of accelerometer - can allow fingerprinting by imperfections in the accelerometer sensors. > > For more information we can consult, e.g.: > http://synrg.csl.illinois.edu/papers/AccelPrint_NDSS14.pdf > http://arxiv.org/pdf/1408.1416v1.pdf > > For the current vibration standard, why not include some privacy considerations i.e. "even if on it's own this API is unlikely to create privacy risks, it is known that in conjunction with other APIs it can be used to fingerprint the user's device"? Personally, I'd be happy to include such privacy considerations to the spec. May I ask you to open an issue for this so we can track it appropriately: https://github.com/w3c/vibration/issues/new Thanks, -Anssi
Received on Friday, 12 February 2016 09:27:39 UTC