Re: [deviceorientation] Security/privacy consideration: cross-origin linkage from Dominique Hazael-Massieux via GitHub on 2017-04-19 (public-geolocation@w3.org from April 2017)

From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
Date: Wed, 19 Apr 2017 08:19:59 +0000
To: public-geolocation@w3.org
Message-ID: <issue_comment.created-295158342-1492589998-sysbot+gh@w3.org>

one way to mitigate this (which would also help with the [TouchSignatures attack](https://blogs.ncl.ac.uk/security/2016/02/05/touchsignatures-identification-of-user-touch-actions-and-pins-based-on-mobile-sensor-data-via-javascript/)) would be to restrict DeviceOrientation to visible browsing context.

-- 
GitHub Notification of comment by dontcallmedom
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/33#issuecomment-295158342 using your GitHub account

Received on Wednesday, 19 April 2017 08:20:06 UTC