Re: Web Audio API for review from Chaals McCathie Nevile on 2018-02-07 (public-privacy@w3.org from January to March 2018)

From: Chaals McCathie Nevile <chaals@yandex.ru>
Date: Wed, 07 Feb 2018 15:44:58 +0100
To: public-privacy@w3.org, "Chris Lilley" <chris@w3.org>
Message-ID: <op.zd2lw8znftbnq3@desktop-kurf4r9.home>

First up, my apologies for not looking at this before. The functionality  
seems a really valuable enhancement to the Web, and I hope to find lots of  
cool new things making use of it.

A couple of privacy concerns, and a couple of potential concerns led me to  
file two issues as described, and to ask some further questions below so I  
only make a fool of myself in one forum at a time...

On Thu, 30 Nov 2017 17:39:57 +0100, Chris Lilley <chris@w3.org> wrote:

>   Audio WG requests privacy review of the Web Audio API
>
>     * Specification URL: https://webaudio.github.io/web-audio-api/
>     * GitHub repo: https://github.com/WebAudio/web-audio-api
>
>
>   There is a Security
>        and Privacy self- assessment appendix.
>
>
>   Ideally, we would like to move to CR by the end of 2017. Please
>   let us know if you would like more time to review. Review comments
>   should ideally be raised as issues on GitHub.

I filed https://github.com/WebAudio/web-audio-api/issues/1487 which  
suggests that implementing this API in a voice-based system such as a  
screenreader or Voice Assistant increases the chance that a hostile site  
can emulate the native UI in some way. I note that this probably relies on  
either knowing enough about the user agent - including its particular  
sound characteristics - but that guessing at something common might be  
effective enough to justify the effort of a widespread attack.

I also filed https://github.com/WebAudio/web-audio-api/issues/1486, noting  
that it seems the spec would allow "dolphin attacks" - using  
human-inaudible sounds to interact with sensor devices including voice  
assistants. (At the extreme end which I didn't consider is the alleged  
sonic attacks made on the US embassy in Cuba, apparently designed to cause  
physical harm. I do not know enough to check whether this is even  
potentially feasible with Web Audio).

The same issue covers the case already identified for vibration, that an  
external sensor can detect the usage of the API potentially exposing  
physical location information.

There is another issue I didn't file, because I am not sure about it. It  
seems plausible that it may be possible to use various filter effects to  
identify a user's hearing range, e.g. by overlaying different information  
at different frequencies. This information can be identifying both in the  
context of enabling further manipulation of a user

cheers

chaals

-- 
Chaals is Charles McCathie Nevile
find more at http://yandex.com

Received on Wednesday, 7 February 2018 14:46:36 UTC