- From: Chaals McCathie Nevile <chaals@yandex-team.ru>
- Date: Fri, 12 Feb 2016 10:36:14 +0100
- To: public-device-apis@w3.org
On Fri, 12 Feb 2016 10:27:04 +0100, Kostiainen, Anssi <anssi.kostiainen@intel.com> wrote: >> On 12 Feb 2016, at 11:16, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> >> wrote: >> >> Apologies for the delay. >> >> Vibration standard currently has no privacy considerations. And even if >> on its own it may not exhibit issues here, it is known that in in >> conjunction with other sources this is not so easy to ascertain. >> >> For example, causing vibration of a device and reading the output of >> accelerometer - can allow fingerprinting by imperfections in the >> accelerometer sensors. >> >> For more information we can consult, e.g.: >> http://synrg.csl.illinois.edu/papers/AccelPrint_NDSS14.pdf >> http://arxiv.org/pdf/1408.1416v1.pdf >> >> For the current vibration standard, why not include some privacy >> considerations i.e. "even if on it's own this API is unlikely to create >> privacy risks, it is known that in conjunction with other APIs it can >> be used to fingerprint the user's device"? > > Personally, I'd be happy to include such privacy considerations to the > spec. May I ask you to open an issue for this so we can track it > appropriately: > > https://github.com/w3c/vibration/issues/new I did this: https://github.com/w3c/vibration/issues/2 As well as being useful for device fingerprinting, in a situation that allows physical observation the effects of vibration can often be observed by a third party, leading to physical identification of a device and thereby user. cheers -- Charles McCathie Nevile - web standards - CTO Office, Yandex chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Friday, 12 February 2016 09:36:46 UTC