Re: Privacy report on sensors, for generic sensors API.

Hi Lukasz,

Thanks for reaching out, we really appreciate it. We're happy to help.

Do you have a timeline for when you'll need comments by?

Greg Norcie (
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800

*CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
more at <>*

On Tue, Mar 29, 2016 at 5:49 AM, Lukasz Olejnik (W3C) <>

> Dear all!
> I am working on a sensors privacy (impact, risk, ...) assessment for a
> while now. And I think now it has little sense to withhold it for any
> longer, as most of the work I did some time ago, anyway.
> It is primarily intended for Devis APIs WG (DAP), with whom I have the
> pleasure to work on the privacy aspects of sensors API.
> I invite you to take a look on the document [1]. I hope it will be useful,
> and I primarily hope this can be an appropriate starting input in privacy
> considerations of sensors.
> Often, as indicated in the PDF report, even perhaps far-fetched scenarios
> are considered. Same for cross-device risks, where plausible scenario could
> be pointed to.
> As advised in private correspondence with (and by), Tobie Langel (DAP), it
> would be good if specific pull(s) request(s) follow. I'll look into that
> next.
> Also of note. It is not included in the PDF (should it?), but I believe it
> is worthy to require a secure (i.e. TLS) connection for having access to
> sensors ('secure contexts') - all of them, generically and just like that.
> I can't imagine a scenario where this could cause any issues, apart from
> the need to set up a TLS, that is.
> I also highlight my view and want to ask a question. Can W3C give
> guidance/recommendation/note regarding the transparency UIs (sometimes
> called "privacy user interface")? A method for a straight-forward
> user-verification of: what/how was being used, how frequent, etc.
> Please, enjoy ;-)
> Best regards
> Lukasz Olejnik
> [1]

Received on Tuesday, 29 March 2016 14:22:05 UTC