W3C home > Mailing lists > Public > public-geolocation@w3.org > August 2011

Re: Security issue of orientation events.

From: Dave Raggett <dsr@w3.org>
Date: Thu, 18 Aug 2011 11:45:54 +0100
Message-ID: <4E4CED62.204@w3.org>
To: Dominique Hazael-Massieux <dom@w3.org>
CC: Wojciech Masłowski <wmaslowski@opera.com>, "public-geolocation@w3.org" <public-geolocation@w3.org>
On 18/08/11 11:20, Dominique Hazael-Massieux wrote:
> Le jeudi 18 août 2011 à 10:26 +0200, Wojciech Masłowski a écrit :
>> http://www.newscientist.com/article/mg21128255.200-smartphone-jiggles-reveal-your-private-data.html
>> TLDR: It is possible to construct a keylogger using only accelerometer
>> data. Maybe we should think about revising security policy for device
>> orientation events and force UA to ask user if he wants to allow site to
>> use orientation events.
> Isn't it that this is only problematic if a Web page wants to keep
> getting orientation events when not visible? Maybe permission would need
> to be asked only in cases a Web page needs to get these events even when
> not visible?
> Dom

Are there any guidelines relating to iframes which are like a web page 
within a web page?

  Dave Raggett<dsr@w3.org>  http://www.w3.org/People/Raggett
Received on Thursday, 18 August 2011 10:46:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:51:02 UTC