
Re: [deviceorientation] Move fingerprintable APIs behind permissions (#85)

From: pes via GitHub <sysbot+gh@w3.org>
Date: Sat, 26 Oct 2019 22:22:36 +0000
To: public-geolocation@w3.org
Message-ID: <issue_comment.created-546644374-1572128555-sysbot+gh@w3.org>

@anssiko thanks for the follow-up! A couple of notes:

1) re the `requestPermission()` update, I see your point that it seems to address the attack. I will follow up with the paper authors and see if they agree / have a way of carrying out the attack otherwise and report back here.

2) re: Making the security and privacy considerations mandatory, I think this is a great first step, but two remaining concerns:
 - I suggest adding a 4th MUST condition: "fire events after the first-party context has received a user gesture"
 - In general it's rare to have mandatory material in these areas of specs; is it possible to move the same content elsewhere (e.g. into the algorithm descriptions), or at least call to these mandatory privacy requirements in the algorithm descriptions?

-- 
GitHub Notification of comment by snyderp
Please view or discuss this issue at https://github.com/w3c/deviceorientation/issues/85#issuecomment-546644374 using your GitHub account
Received on Saturday, 26 October 2019 22:22:38 UTC
