- From: Chaals McCathie Nevile <chaals@yandex-team.ru>
- Date: Thu, 18 Feb 2016 18:57:18 +0100
- To: public-geolocation@w3.org, "maryammjd via GitHub" <sysbot+gh@w3.org>
On Wed, 10 Feb 2016 12:40:10 +0100, maryammjd via GitHub <sysbot+gh@w3.org> wrote: > @timvolodine > The security discussion is nice, however the security and privacy > risks associated with this issue are more than fingerprinting the > mobile devices. As we discussed it with the W3C Geolocation Working > Group via emails, our > [paper](http://www.sciencedirect.com/science/article/pii/S2214212615000678) > (published in the Journal of Information Security and Applications) > shows that these sensor measurements can reveal the user's PINs. It is > worth mentioning this level of security risks in the security > consideration section. Hi Maryam, is the paper available somewhere for less than $30? Or do the mitigations suggested in the conclusion look at either the use of vibration, e.g. the vibration API, to add noise to the data, or the little trick done by e.g. BancoSantander where they provide an onscreen keyboard that randomly shuffles key positions at each keypress? cheers Chaals -- Charles McCathie Nevile - web standards - CTO Office, Yandex chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Thursday, 18 February 2016 17:57:53 UTC