Re: Vibration API privacy considerations

Many thanks for this Frederick.

Christine

> On 18 Feb 2016, at 6:04 PM, Frederick Hirsch <w3c@fjhirsch.com> wrote:
> 
> In case it is helpful, here is the link for the Vibration API with the proposed changes in place, if you want to see them  in context.
> 
> https://rawgit.com/anssiko/vibration/rec-errata/index.html

> 
> This is the redline showing all changes in the associated pull request, including the privacy related changes
> 
> https://github.com/w3c/vibration/pull/1/files

> 
> regards, Frederick
> 
> Frederick Hirsch
> Chair, W3C Device APIs WG (DAP)
> 
> www.fjhirsch.com
> @fjhirsch
> 
> 
>> On Feb 17, 2016, at 12:35 AM, Christine Runnegar <runnegar@isoc.org> wrote:
>> 
>> Charles,
>> 
>> If this works for you and the Device API WG, let’s add this to the agenda for our next call (Thursday 26 February 2016 at UTC 17). 
>> Anyone from DAP who would like to join, would be most welcome.
>> 
>> In the meantime, everyone, please continue sharing your perspectives on this thread.
>> 
>> Christine
>> 
>> 
>>> On 17 Feb 2016, at 2:40 AM, Greg Norcie <gnorcie@cdt.org> wrote:
>>> 
>>> Would they be too faint? IIRC tempest attacks have picked up keystroke noises:
>>> 
>>> https://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html

>>> 
>>> Couldn't a microphone also pick up vibration noises? 
>>> 
>>> 
>>> 
>>> /********************************************/
>>> Greg Norcie (norcie@cdt.org)
>>> Staff Technologist
>>> Center for Democracy & Technology
>>> District of Columbia office
>>> (p) 202-637-9800
>>> PGP: http://norcie.com/pgp.txt

>>> 
>>> CDT's Annual Dinner (Tech Prom) is 
>>> April 6, 2016.  Don't miss out!
>>> learn more at https://cdt.org/annual-dinner

>>> /*******************************************/
>>> 
>>> On Tue, Feb 16, 2016 at 8:06 PM, David (Standards) Singer <singer@apple.com> wrote:
>>> yes, an obvious question is ‘beaconing’ using vibration.
>>> 
>>> I guess this becomes more of a question for users with more than one device — especially a second device that has motion sensing. But the two devices would have to be awfully close for vibration to transfer.
>>> 
>>> 
>>> 
>>>> On Feb 16, 2016, at 12:30 , Joseph Lorenzo Hall <joe@cdt.org> wrote:
>>>> 
>>>> Are those two things or just one? That is, is this section claiming:
>>>> 1) it is possible to fingerprint a device through the Vibration API by
>>>> requesting information that could be used to uniquely identify a
>>>> device by characterizing "tiny imperfections during their
>>>> manufacturing"; and 2) it is possible for an external observer to
>>>> identify someone close to them in physical reality ("meat space") by
>>>> causing the user to visit a specific web page that then uses the
>>>> Vibration API to vibrate the device (and the external observer
>>>> observes this and connects a particular web session with a particular
>>>> device)?
>>>> 
>>>> Looking at the spec, it just accepts a list of integers and vibrates
>>>> the device or not. So, I don't see a way to fingerprint devices using
>>>> this spec by taking advantage of "tiny imperfections during their
>>>> manufacturing" (of accelerometers and gyroscopes). Maybe it's in
>>>> conjunction with another API that that becomes revelant? (e.g., if you
>>>> were recording audio, I bet vibrating the phone with a little training
>>>> could allow you to characterize the surface it's on and possibly the
>>>> type of phone and if it's in a case)
>>>> 
>>>> I think maybe drop the first fingerprinting concern (maybe I don't
>>>> understand it) but keep the second concern that it allows an external
>>>> observer in physical proximity to associate a device with a web
>>>> session by causing the device to vibrate using the API. (A possible
>>>> mitigation to allowing for highly unique vibration patterns would be
>>>> to make only simple vibrations possible.)
>>>> 
>>>> If you've read this far, know that at some point we'll probably have
>>>> to deal with eavesdropping via mobile gyroscopes... so not
>>>> fingerprinting but full on identification of speaker information and
>>>> parsing speech:
>>>> 
>>>> https://crypto.stanford.edu/gyrophone/files/gyromic.pdf

>>>> 
>>>> On Tue, Feb 16, 2016 at 10:39 AM, Chaals McCathie Nevile
>>>> <chaals@yandex-team.ru> wrote:
>>>>> Hi,
>>>>> 
>>>>> the Device API group are considering proposing a revision of the Vibration
>>>>> API, and one of the things they propose adding is a section on Security and
>>>>> Privacy.
>>>>> 
>>>>> The current proposal is
>>>>> <https://github.com/anssiko/vibration/commit/48489c54e0b7ed80900e0906fa79803c8fa77069>
>>>>> 
>>>>> The two things identified are that vibration can be picked up with e.g.
>>>>> motion sensors in the same device for fingerprinting, and that a vibrating
>>>>> device can be physicall observed externally.
>>>>> 
>>>>> Wondering if anyone has further input.
>>>>> 
>>>>> Cheers
>>>>> 
>>>>> --
>>>>> Charles McCathie Nevile - web standards - CTO Office, Yandex
>>>>> chaals@yandex-team.ru - - - Find more at http://yandex.com

>>>>> 
>>>> 
>>>> 
>>>> 
>>>> --
>>>> Joseph Lorenzo Hall
>>>> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
>>>> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key

>>>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>>> 
>>>> CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner

>>>> 
>>> 
>>> David Singer
>>> Manager, Software Standards, Apple Inc.
>>> 
>>> 
>>> 
>> 
> 
> 
> 
> 

Received on Friday, 19 February 2016 09:23:48 UTC