- From: Nick Doty via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Apr 2016 20:28:02 +0000
- To: public-media-capture-logs@w3.org
For what it's worth, this isn't an unprecedented concern and we have some experience with potential mitigations. For example: * [Proximity](https://w3c.github.io/proximity/) limits events to top-level browsing context: > The events defined in this specification are only fired in the top-level browsing context to avoid the privacy risk of sharing the information defined in this specification with contexts unfamiliar to the user. For example, a mobile device will only fire these events on the active tab, and not on the background tabs or within iframes. * Mozilla's work on [Idle API](https://wiki.mozilla.org/WebAPI/IdleAPI) recommends fuzzing of event timing. (I think Ambient Light also had something about top-level browsing context, but that spec has since been re-written as a generic sensor and so I don't see text about that any more.) Per @josephlhall there is still a privacy risk regarding simultaneous event firing in different contexts even if those contexts have already been granted mic/camera permissions, but the risk is greatly reduced (it becomes an issue of sites you log into using two different browsers, say, rather than getting used by every background iframe ad). I think the spec could note that user agents may provide some fuzzing of the timing to mitigate that risk if they wish. -- GitHub Notification of comment by npdoty Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/333#issuecomment-212112407 using your GitHub account
Received on Tuesday, 19 April 2016 20:28:04 UTC