W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2016

Re: Vibration API privacy considerations

From: David (Standards) Singer <singer@apple.com>
Date: Tue, 16 Feb 2016 17:06:00 -0800
Cc: Chaals McCathie Nevile <chaals@yandex-team.ru>, W3C Privacy IG <public-privacy@w3.org>
Message-id: <EBA992C9-74E2-4FBE-A90D-B4CB1DDABC1A@apple.com>
To: Joseph Lorenzo Hall <joe@cdt.org>
yes, an obvious question is ‘beaconing’ using vibration.

I guess this becomes more of a question for users with more than one device — especially a second device that has motion sensing. But the two devices would have to be awfully close for vibration to transfer.

> On Feb 16, 2016, at 12:30 , Joseph Lorenzo Hall <joe@cdt.org> wrote:
> Are those two things or just one? That is, is this section claiming:
> 1) it is possible to fingerprint a device through the Vibration API by
> requesting information that could be used to uniquely identify a
> device by characterizing "tiny imperfections during their
> manufacturing"; and 2) it is possible for an external observer to
> identify someone close to them in physical reality ("meat space") by
> causing the user to visit a specific web page that then uses the
> Vibration API to vibrate the device (and the external observer
> observes this and connects a particular web session with a particular
> device)?
> Looking at the spec, it just accepts a list of integers and vibrates
> the device or not. So, I don't see a way to fingerprint devices using
> this spec by taking advantage of "tiny imperfections during their
> manufacturing" (of accelerometers and gyroscopes). Maybe it's in
> conjunction with another API that that becomes revelant? (e.g., if you
> were recording audio, I bet vibrating the phone with a little training
> could allow you to characterize the surface it's on and possibly the
> type of phone and if it's in a case)
> I think maybe drop the first fingerprinting concern (maybe I don't
> understand it) but keep the second concern that it allows an external
> observer in physical proximity to associate a device with a web
> session by causing the device to vibrate using the API. (A possible
> mitigation to allowing for highly unique vibration patterns would be
> to make only simple vibrations possible.)
> If you've read this far, know that at some point we'll probably have
> to deal with eavesdropping via mobile gyroscopes... so not
> fingerprinting but full on identification of speaker information and
> parsing speech:
> https://crypto.stanford.edu/gyrophone/files/gyromic.pdf
> On Tue, Feb 16, 2016 at 10:39 AM, Chaals McCathie Nevile
> <chaals@yandex-team.ru> wrote:
>> Hi,
>> the Device API group are considering proposing a revision of the Vibration
>> API, and one of the things they propose adding is a section on Security and
>> Privacy.
>> The current proposal is
>> <https://github.com/anssiko/vibration/commit/48489c54e0b7ed80900e0906fa79803c8fa77069>
>> The two things identified are that vibration can be picked up with e.g.
>> motion sensors in the same device for fingerprinting, and that a vibrating
>> device can be physicall observed externally.
>> Wondering if anyone has further input.
>> Cheers
>> --
>> Charles McCathie Nevile - web standards - CTO Office, Yandex
>> chaals@yandex-team.ru - - - Find more at http://yandex.com
> -- 
> Joseph Lorenzo Hall
> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
> CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner

David Singer
Manager, Software Standards, Apple Inc.
Received on Wednesday, 17 February 2016 01:06:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:32 UTC