W3C home > Mailing lists > Public > public-geolocation@w3.org > October 2019

Re: [deviceorientation] Move fingerprintable APIs behind permissions (#85)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Fri, 25 Oct 2019 06:22:09 +0000
To: public-geolocation@w3.org
Message-ID: <issue_comment.created-546218856-1571984528-sysbot+gh@w3.org>
@snyderp thanks for bringing this paper to the group's attention.

Since the paper was published, the group has done a number of privacy enhancements to the spec that I believe addressed the issue.

To summarize:

* In #68 the spec has added a static `requestPermission()` operation to [`DeviceMotionEvent`](https://w3c.github.io/deviceorientation/#dom-devicemotionevent-requestpermission) and [`DeviceOrientationEvent`](https://w3c.github.io/deviceorientation/#dom-deviceorientationevent-requestpermission), specified `requestPermission()` related algorithms in detail, and added a [permission model](https://w3c.github.io/deviceorientation/#id=permission-model) section.
* In #59 the group clarified the [security and privacy considerations](https://w3c.github.io/deviceorientation/#security-and-privacy) section and made its assertions normative.

Further implementation experience is being gathered for the permission model and specification clarifications informed by this experience are being discussed in GitHub issue #74.

Please review the [latest spec](https://w3c.github.io/deviceorientation/) and let us know of any further changes you think are required to mitigate the identified vector adequately.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/85#issuecomment-546218856 using your GitHub account
Received on Friday, 25 October 2019 06:22:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:51:17 UTC