W3C home > Mailing lists > Public > public-geolocation@w3.org > April 2017

Re: [deviceorientation] Security/privacy consideration: cross-origin linkage

From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
Date: Wed, 19 Apr 2017 08:19:59 +0000
To: public-geolocation@w3.org
Message-ID: <issue_comment.created-295158342-1492589998-sysbot+gh@w3.org>
one way to mitigate this (which would also help with the [TouchSignatures attack](https://blogs.ncl.ac.uk/security/2016/02/05/touchsignatures-identification-of-user-touch-actions-and-pins-based-on-mobile-sensor-data-via-javascript/)) would be to restrict DeviceOrientation to visible browsing context.

-- 
GitHub Notification of comment by dontcallmedom
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/33#issuecomment-295158342 using your GitHub account
Received on Wednesday, 19 April 2017 08:20:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:51:15 UTC