- From: Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
- Date: Mon, 4 Jul 2016 21:17:59 +0100
- To: Greg Norcie <norcie@cdt.org>
- Cc: Nick Doty <npdoty@ischool.berkeley.edu>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAC1M5qoG+et1sg1POiRAj3XuFd6DCmk-ijdbMJURcjUy91JWXw@mail.gmail.com>
Hello,

Thanks a lot. This is informative and it's in line with our current focus on sensors privacy assessments.

Readout of same or similar values by different origins (e.g. [1]), even browsers is one thing we need to keep an eye on. We definitely need to assess this from a broad point of view.

Best regards
Lukasz

[1] https://github.com/w3c/sensors/issues/100

2016-07-01 20:02 GMT+01:00 Greg Norcie <gnorcie@cdt.org>:

> Nick, thank you for sharing this, this is incredibly useful work. CDT has
> heard reports that some tracking providers may abuse sensors that have a
> legitimate use. To give a hypothetical example, a game that utilizes the
> accelerometer to move the player's character around the map might
> also utilize this data for fingerprinting purposes as well. This is
> especially troubling to me because accelerometer inputs, unlike input from
> other sensors like cameras and microphones, do not require special
> permission.
>
> The paper also speculated that such permissions could go beyond merely
> identifying users, and start doing things like inferring keystrokes.
> Previous literature has in fact shown that accelerometer data can be used
> to infer passwords[1], and that these attacks are not merely
> theoretical[2], so I hope now that we've seen that these sensors can be
> used to de-anonymize and phish users, mobile browser makers will consider
> whether the benefits of asking for permission to access the slight
> usability costs of additional dialogs.
>
> The paper expresses concern that users will merely "click through"
> accelerometer permission requests. I don't have data to prove or refute
> that specific claim. But if anyone were to obtain some, I suspect the FTC's
> Privacycon[3] would welcome studies testing that theory any findings on
> such matters. (And the CFP explicitly states that works submitted to
> academic conferences may also be presented there)
>
> [1] ACCessory: Password Inference using Accelerometers on Smartphones
> http://www.hotmobile.org/2012/papers/HotMobile12-final42.pdf
>
> [2] Practicality of Accelerometer Side Channels on Smartphones
> https://www.cs.swarthmore.edu/~aviv/papers/aviv-acsac12-accel.pdf
>
> [3] https://www.ftc.gov/privacycon-call-for-presentations
>
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
>
> /*******************************************/
>
> On Thu, Jun 23, 2016 at 5:41 PM, Nick Doty <npdoty@ischool.berkeley.edu>
> wrote:
>
>> Hi public-privacy,
>>
>> Attached is a workshop paper from the Mobile Security Technologies (MoST)
>> 2016 workshop at IEEE Security & Privacy last month. It may be of interest
>> to our community, as it's suggesting that: 1) motion and orientation data
>> can be used for cross-origin fingerprinting and, perhaps more novel for us,
>> 2) motion and orientation sensors could potentially be used to gather the
>> content typed into a soft-keyboard for a different iframe.
>>
>> I think perhaps the general risk to be aware of here is that sensor data
>> is inherently cross-origin and so if those APIs are accessible to different
>> origins, they can allow correlation or inference of data in ways that are
>> unexpected.
>>
>> Thanks,
>> Nick

Received on Monday, 4 July 2016 20:18:31 UTC