PING - informal chairs summary - 22 October 2015

PING – informal chairs summary –  22 October 2015

Thank you to Giri Mandyam from the Geolocation Working Group for joining our call.

Thanks again to Mike O’Neill for acting as scribe!

Our next meeting will be at TPAC on Friday 30 October 2015. We will also have an PING and friends meeting alongside IETF 94 on Thursday 5 November 2015.

Our next call will be on 3 December 2015 at the usual time.

* Geolocation Working Group (WG) and the Geofencing API


Giri Mandyam (Geolocation WG chair) introduced the work of the Geolocation WG and reported that consensus was not reached on requiring authenticated origins for the Geolocation API. However, he noted that Chromium has announced that it will sunset support for non-authenticated origins and geolocation.

Giri also provided an overview of the working draft Geofencing API [1]. The specification defines an API that lets webapps setup geographic boundaries around specific locations and receive notifications when the hosting device enters or leaves those areas. Currently, the specification only supports circular geographic boundaries, but there have been discussions in the WG about supporting polygonal geographic boundaries.

The specification has First Public Working Draft (FPWD) status. The Editor’s Draft is in Github [2]. There are some outstanding technical issues that need to be resolved, but any early feedback on the privacy considerations would be useful for the WG’s discussions at TPAC next week.

The WG has started work on the privacy and security considerations [3] and Giri assessed the draft specification against the draft TAG privacy and security questionnaire [4]. David Singer and Martin Thomson have provided some feedback via the email list, [5] and [6] respectively.

The draft Geofencing API is built on Service Workers [7] because they seem to be a useful mechanism for long-lived processes such as geofencing and as the WG did not identify any use cases for geofencing in the UI main thread. Most likely, geofencing would be built as extensions to the existing Geolocation API. Unlike the Geolocation API, Service Workers require authenticated origins. However, Service Workers also require process persistence and some level of data persistence. The Geolocation WG would like to know whether this is a privacy concern. Also, could geofencing be abused in the context of a pervasive monitoring (see RFC 7258) attack?

This is actually an issue for all sensor APIs built on Service Workers. Therefore, PING should also review the privacy considerations of the Service Workers. Giri queried some possible approaches might be (i) best practices for Service Workers or (ii) encourage browsers to monitor/deter abusive practices and/or (iii) a practice of naming and shaming abusive origins. Giri said it is also an open question as to how to deal with permissions. Currently, the Geofencing API is part of the Permissions Registry in the Permissions API [8].

Action: Seeking volunteers to: review and provide guidance on the privacy considerations of the Geofencing API and “road-test” the PING draft privacy questions.

* DeviceOrientation API

Giri also asked for PING’s guidance on the DeviceOrientation API [9] as some researchers have identified some privacy vulnerabilities [10]. This API will be “rebuilt” using the Generic Sensor API [11] being defined by the Device APIs Working Group.

Action: Seeking volunteers to review the privacy considerations of the DeviceOrientation API having regard to the researchers’ findings.


PING will be meeting on Friday 30 October 2015. Members of WGs and other IGs are most welcome to participate. An email with details and a proposed agenda will be circulated shortly.

Christine and Tara


Received on Saturday, 24 October 2015 05:34:57 UTC