Re: PING - informal chairs summary - 24 March 2016

If anyone wants to take a look at the current Privacy Questionnaire draft
between now and the call, it is at

Greg Norcie (
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800

*CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
more at <>*

On Mon, Apr 4, 2016 at 10:25 AM, Christine Runnegar <>

> PING – informal chairs summary –  24 March 2016
> Our next call will be on 28 April 2016 at the usual time.
> * Vibration API
> Background: We discussed the privacy considerations of the Vibration API
> [1] on the February PING call [2], and on the public-privacy email list.
> There was support for the updates to the privacy and security
> considerations section of the draft specification. We discussed the
> cross-device tracking threat in more detail (i.e. where an attacker could
> use a vibration pattern to uniquely identify the device), noting that this
> issue was also discussed by PING in the context of reviewing the Ambient
> Light specification. Users are increasingly using more than one device. It
> is also valuable for Web services to have insight into what devices are
> related – to be able to infer a device connection graph. The techniques
> that CDT has observed fall into two categories: deterministic or
> probabilistic.
> We also discussed whether an attacker could cause a device to identify to
> be identifiable by forcing a vibration. It seems possible mitigations
> against these types of attacks may be limited. There was a query about
> whether there is any research on the fingerprintability of specific
> hardware based on the vibration being uniquely identifiable or because it
> has a specific kind of pattern. Imagine a phishing attack that sends a
> vibration command through a website and vibrate the device so it can be
> identified. If an attacker were able to serialize millisecond vibrations,
> could the attacker encode the pattern so that a speaker on an external
> device could hear? Are external side-channels within the scope of the
> specification? (Note: cross-origin concern relates to both emitters and
> speakers)
> (Action item: We should include something in the privacy questionnaire to
> identify these kinds of side-channel issues. For example: Does this
> specification allow for communication outside the Web channel? Does this
> specification allow for communication that could be detected in other
> origins?)
> A third issue is whether cross-origin attacks are possible. For example, a
> server that serves ads in iframes across browsers might find it difficult
> to sync cookies because there are different origins. But, what if that
> server could trigger a vibration event and use a timing attack to identify
> the same user? Is that possible?
> We also noted that steps to mitigate against cross-device and/or
> identification attacks could hamper accessibility where the vibration API
> is used as support for accessibility features.
> For further references on this topic, see:
> - CDT comments to the FTC regarding cross-device tracking [3]
> - L. Olenjink’s document [4] (Note: LO is inviting feedback)
> Nick will also follow up on the public-privacy email to make sure that
> cross-origin issues have been raised.
> * Media Capture Streams
> Background: PING was invited to provide feedback on the Media Capture and
> Streams API (see [5]). We identified some privacy issues and the Media
> Capture Task Force gave a very detailed response documenting the issues and
> their approach to each of them. Almost all of the issues are resolved (e.g.
> device identifiers are cleared with cookies, permission model is
> double-keyed by the top-level origin and the entry-script origin) (see
> [6]). They also explained why they decided not to use CSP as a signal for
> persisting permissions. The outstanding issues regarding permissions
> revocation may have already been resolved too. They opened an issue about
> event firing (similar issue to the cross-origin issue we discussed
> vis-à-vis the vibration API).
> Action item: Seeking volunteers to review the changes/responses made by
> the Media Capture Task Force to address the privacy issues raised by PING
> Thank you to PING and Media Capture Task Force members! A very nice
> example of cross-group collaboration to improve the privacy in the design
> of this Media and Capture Streams API [7].
> * WebRTC at IETF 95
> There will be a discussion during the RTCWeb WG meeting at IETF 95
> (Tuesday 5 April 2016) on Internet Draft WebRTC IP Address Handling
> Recommendations [8], which provides best practices for how IP addresses
> should be handled by WebRTC applications.
> * PING @ IETF 95
> The IAB Privacy and Security Program is meeting at the usual time for the
> PING get-together so we will send out a note to organise an informal
> get-together instead.
> We will submit a request for a PING meeting slot.
> * PING questionnaire
> It would be useful to test the draft against some more specifications. We
> can expect upcoming requests from the Web Payments WG and Web
> Authentication WG.
> * PING outreach
> We need more people to step up to work with WGs on the privacy
> considerations of their specifications.
> Everyone, we also need to do more outreach to find new people to join PING.
> Please volunteer!
> Christine and Tara
> [1]
> [2]
> [3]
> [4]
> [5]
> [6]
> [7]
> [8]

Received on Monday, 4 April 2016 17:04:45 UTC