- From: Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
- Date: Mon, 29 Feb 2016 22:46:19 +0100
- To: David Singer <singer@apple.com>
- Cc: Chaals McCathie Nevile <chaals@yandex-team.ru>, Frederick Hirsch <w3c@fjhirsch.com>, W3C Device APIs WG <public-device-apis@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAC1M5qoWhKELJYE_tope=cydzwZTjrupVELUycWY17Bu5JRS2Q@mail.gmail.com>
2016-02-29 22:37 GMT+01:00 David Singer <singer@apple.com>: > > > On Feb 29, 2016, at 13:34 , Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> > wrote: > > > > Hello > > > > 2016-02-29 22:26 GMT+01:00 David (Standards) Singer <singer@apple.com>: > > I have generally understood ‘fingerprinting’ as meaning *reading* a set > of the device (or user) that uniquely identifies it (sure, using active > APIs sometimes to gather the data). I don’t see how a vibration API tells > you anything about the device (except maybe the 1-bit “can it vibrate?”). > > > > That's exactly my point, which is already addressed in the > considerations (that I had the pleasure to co-write). Vibration provides > *input* for other sensors, it allows to "probe" them. > > > > > > So, is this API a fingerprint risk, or a beacon risk? > > > > It provides information > > that’s my puzzle. it provides almost no information at all. what > information does it provide? > > it can transmit information (e.g. the vibrate pattern), it can identify a > device ‘in a crowd’, and so on, but… > Vibration can aid with "probing" and acquiring other information, i.e. for more information, please see: https://lists.w3.org/Archives/Public/public-device-apis/2016Feb/0053.html Additionally, I basically finalizad my longer doc on the subject - it'll be here within days I hope. LO > > > > - which, in conjunction with other sensors, is a risk. > > > > There will be a more comprehensive document here, soon. > > > > Best > > Lukasz > > > > > On Feb 27, 2016, at 10:43 , Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> > wrote: > > > > > > > > > > > > > > > > > > > > > > > > 6. Applications might want to give indications when vibration is in > use. > > > > > > Definitely, there SHOULD be an option to indicate it... > > > > > > I don't think that's right. There is an indication that vibration is > in use: the device is *moving*. > > > > > > It is, if the user is monitoring this device at that very moment, and > also including your considerations below (thanks!). > > > > > > > > > So there are a couple of more interesting things: > > > > > > When a foregrounded page has permission for vibration, there should be > an indicator. The same applies to a backgrounded page - I think something > like the audio playing thing that browsers have started doing would be > useful. Indeed, it would copy a familiar iconic paradigm from the world of > phones which have had vibrators for more than two decades (and therefore is > unlikely to have any IPR issues outstanding). > > > > > > There are plenty of use cases for a backgrounded page having vibrate > permission - the simple one being the same as the phone, that it is less > obtrusive as a way of requesting attention, and works without actually > seeing the device. > > > > > > And finally, of course it is important that all such notifications or > status indicators are actually *accessible* - have sufficient contrast, are > announced to screen readers / magnifiers, etc. While this is something that > browsers should be doing, rather than technically part of the spec, it is > worth noting that in the privacy considerations and mitigations, and > tracking whether we have acieved the goal. A spec that provides theoretical > accessibility but is implemented consistently in a way that discriminates > against users with disabilities really isn't good enough. > > > > > > This is, in essence, somewhat similar to what I was thinking about for > long now. I do hope to make the PDF public asap, definitely I'll post it to > the list. > > > > > > Best > > > Lukasz > > > > > > > > > cheers > > > > > > Chaals > > > > > > > > > > > > -- > > > Charles McCathie Nevile - web standards - CTO Office, Yandex > > > chaals@yandex-team.ru - - - Find more at http://yandex.com > > > > David Singer > > Manager, Software Standards, Apple Inc. > > > > > > David Singer > Manager, Software Standards, Apple Inc. > >
Received on Monday, 29 February 2016 21:46:50 UTC