Re: [vibration] Suggested changes for the Rec errata and Proposed Edited Rec

On Fri, 12 Feb 2016 10:27:04 +0100, Kostiainen, Anssi  
<anssi.kostiainen@intel.com> wrote:

>> On 12 Feb 2016, at 11:16, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>  
>> wrote:
>>
>> Apologies for the delay.
>>
>> Vibration standard currently has no privacy considerations. And even if  
>> on its own it may not exhibit issues here, it is known that in in  
>> conjunction with other sources this is not so easy to ascertain.
>>
>> For example, causing vibration of a device and reading the output of  
>> accelerometer - can allow fingerprinting by imperfections in the  
>> accelerometer sensors.
>>
>> For more information we can consult, e.g.:
>> http://synrg.csl.illinois.edu/papers/AccelPrint_NDSS14.pdf
>> http://arxiv.org/pdf/1408.1416v1.pdf
>>
>> For the current vibration standard, why not include some privacy  
>> considerations i.e. "even if on it's own this API is unlikely to create  
>> privacy risks, it is known that in conjunction with other APIs it can  
>> be used to fingerprint the user's device"?
>
> Personally, I'd be happy to include such privacy considerations to the  
> spec. May I ask you to open an issue for this so we can track it  
> appropriately:
>
> https://github.com/w3c/vibration/issues/new

I did this: https://github.com/w3c/vibration/issues/2

As well as being useful for device fingerprinting, in a situation that  
allows physical observation the effects of vibration can often be observed  
by a third party, leading to physical identification of a device and  
thereby user.

cheers

-- 
Charles McCathie Nevile - web standards - CTO Office, Yandex
  chaals@yandex-team.ru - - - Find more at http://yandex.com

Received on Friday, 12 February 2016 09:36:46 UTC