- From: Greg Norcie <gnorcie@cdt.org>
- Date: Mon, 4 Apr 2016 13:03:32 -0400
- To: Christine Runnegar <runnegar@isoc.org>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAMJgV7YMonahdokCuidk1+O3-0=k1ikzE7swptN_6f8d8QVw+A@mail.gmail.com>
If anyone wants to take a look at the current Privacy Questionnaire draft between now and the call, it is at https://gregnorc.github.io/ping-privacy-questions/

/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt

*CDT's Annual Dinner (Tech Prom) is April 6, 2016. Don't miss out! Learn more at https://cdt.org/annual-dinner*
/*******************************************/

On Mon, Apr 4, 2016 at 10:25 AM, Christine Runnegar <runnegar@isoc.org> wrote:

> PING – informal chairs summary – 24 March 2016
>
> Our next call will be on 28 April 2016 at the usual time.
>
> * Vibration API
>
> Background: We discussed the privacy considerations of the Vibration API
> [1] on the February PING call [2], and on the public-privacy email list.
>
> There was support for the updates to the privacy and security
> considerations section of the draft specification. We discussed the
> cross-device tracking threat in more detail (i.e. where an attacker could
> use a vibration pattern to uniquely identify the device), noting that this
> issue was also discussed by PING in the context of reviewing the Ambient
> Light specification. Users are increasingly using more than one device. It
> is also valuable for Web services to have insight into what devices are
> related – to be able to infer a device connection graph. The techniques
> that CDT has observed fall into two categories: deterministic or
> probabilistic.
>
> We also discussed whether an attacker could cause a device to
> be identifiable by forcing a vibration. It seems possible mitigations
> against these types of attacks may be limited. There was a query about
> whether there is any research on the fingerprintability of specific
> hardware based on the vibration being uniquely identifiable or because it
> has a specific kind of pattern. Imagine a phishing attack that sends a
> vibration command through a website and vibrates the device so it can be
> identified. If an attacker were able to serialize millisecond vibrations,
> could the attacker encode the pattern so that a speaker on an external
> device could hear? Are external side-channels within the scope of the
> specification? (Note: cross-origin concern relates to both emitters and
> speakers)
>
> (Action item: We should include something in the privacy questionnaire to
> identify these kinds of side-channel issues. For example: Does this
> specification allow for communication outside the Web channel? Does this
> specification allow for communication that could be detected in other
> origins?)
>
> A third issue is whether cross-origin attacks are possible. For example, a
> server that serves ads in iframes across browsers might find it difficult
> to sync cookies because there are different origins. But, what if that
> server could trigger a vibration event and use a timing attack to identify
> the same user? Is that possible?
>
> We also noted that steps to mitigate against cross-device and/or
> identification attacks could hamper accessibility where the vibration API
> is used as support for accessibility features.
>
> For further references on this topic, see:
> - CDT comments to the FTC regarding cross-device tracking [3]
> - L. Olejnik’s document [4] (Note: LO is inviting feedback)
>
> Nick will also follow up on the public-privacy email to make sure that
> cross-origin issues have been raised.
>
> * Media Capture Streams
>
> Background: PING was invited to provide feedback on the Media Capture and
> Streams API (see [5]). We identified some privacy issues and the Media
> Capture Task Force gave a very detailed response documenting the issues and
> their approach to each of them. Almost all of the issues are resolved (e.g.
> device identifiers are cleared with cookies, permission model is
> double-keyed by the top-level origin and the entry-script origin) (see
> [6]). They also explained why they decided not to use CSP as a signal for
> persisting permissions. The outstanding issues regarding permissions
> revocation may have already been resolved too. They opened an issue about
> event firing (similar issue to the cross-origin issue we discussed
> vis-à-vis the vibration API).
>
> Action item: Seeking volunteers to review the changes/responses made by
> the Media Capture Task Force to address the privacy issues raised by PING
>
> Thank you to PING and Media Capture Task Force members! A very nice
> example of cross-group collaboration to improve the privacy in the design
> of this Media and Capture Streams API [7].
>
> * WebRTC at IETF 95
>
> There will be a discussion during the RTCWeb WG meeting at IETF 95
> (Tuesday 5 April 2016) on Internet Draft WebRTC IP Address Handling
> Recommendations [8], which provides best practices for how IP addresses
> should be handled by WebRTC applications.
>
> * PING @ IETF 95
>
> The IAB Privacy and Security Program is meeting at the usual time for the
> PING get-together so we will send out a note to organise an informal
> get-together instead.
>
> * PING @ TPAC
>
> We will submit a request for a PING meeting slot.
>
> * PING questionnaire
>
> It would be useful to test the draft against some more specifications. We
> can expect upcoming requests from the Web Payments WG and Web
> Authentication WG.
>
> * PING outreach
>
> We need more people to step up to work with WGs on the privacy
> considerations of their specifications.
>
> Everyone, we also need to do more outreach to find new people to join PING.
>
> Please volunteer!
>
> Christine and Tara
>
> [1] https://github.com/anssiko/vibration/commit/48489c54e0b7ed80900e0906fa79803c8fa77069
> [2] https://lists.w3.org/Archives/Public/public-privacy/2016JanMar/0061.html
> [3] https://cdt.org/files/2015/10/10.16.15-CDT-Cross-Device-Comments.pdf
> [4] https://lists.w3.org/Archives/Public/public-privacy/2016JanMar/0095.html
> [5] https://lists.w3.org/Archives/Public/public-privacy/2016JanMar/0075.html
> [6] https://lists.w3.org/Archives/Public/public-privacy/2016JanMar/0085.html
> [7] https://www.w3.org/TR/2015/WD-mediacapture-streams-20150414/
> [8] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-01

Received on Monday, 4 April 2016 17:04:45 UTC