[sensors] Updating security and privacy considerations

lknik has just created a new issue for https://github.com/w3c/sensors:

== Updating security and privacy considerations ==
I would suggest updating

> Variations in sensor readings as well as event firing rates offer 
the possibility of fingerprinting to identify users. User agents may 
reduce the risk by limiting event rates available to web application 
developers.

to

> Variations in sensor readings as well as event firing rates offer 
the possibility of fingerprinting to identify users. User agents may 
reduce the risk by limiting event rates available to web application 
developers.
> 
> Minimizing the accuracy of a sensor's readout generally decreases 
the risk of fingerprinting. User agents should not provide 
unnecessarily verbose readouts of sensors data. Each sensor should be 
assessed individually.

Rationale: sometimes too verbose readout provides data on user's 
system/architecture, but is not necessary at all. Example: battery 
readout of 0.999424722 and 0.99 (sufficient).

Also, changing

> User agents should consider providing the user an indication of when
 the sensor is used and allowing the user to disable it.


to

> User agents should consider providing the user an indication of when
 the sensor is used and allowing the user to disable it. Additionally,
 user agents should consider allowing the user to verify past sensor 
use patterns.




Please view or discuss this issue at 
https://github.com/w3c/sensors/issues/117 using your GitHub account

Received on Wednesday, 27 July 2016 16:55:56 UTC