Re: Vibration API privacy considerations

CDT's comments to the FTC on cross device tracking may help explain why any
standard that allows a unique pattern to be emitted can be used for

Greg Norcie (
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800

*CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
more at <>*

On Thu, Feb 18, 2016 at 12:11 PM, Lukasz Olejnik (W3C) <
> wrote:

> Hello
> 2016-02-16 21:30 GMT+01:00 Joseph Lorenzo Hall <>:
>> Are those two things or just one? That is, is this section claiming:
>> 1) it is possible to fingerprint a device through the Vibration API by
>> requesting information that could be used to uniquely identify a
>> device by characterizing "tiny imperfections during their
>> manufacturing"; and 2) it is possible for an external observer to
>> identify someone close to them in physical reality ("meat space") by
>> causing the user to visit a specific web page that then uses the
>> Vibration API to vibrate the device (and the external observer
>> observes this and connects a particular web session with a particular
>> device)?
> It is not suggested that Vibration API allows fingerprinting on its own.
> The only thing I intended to suggest was that in presence of other sensors
> - capable of performing the readouts - Vibration API provides the input.
> So yes, in conjunction with other sensors. This is specified there.
> That said, ability of creating patterns with vibration is another concern.
> Regards
> Lukasz

Received on Friday, 19 February 2016 16:42:49 UTC