Re: Scanning for beacons w/in a web page

As far as I know, the only security/privacy risk from BLE scanning is
location tracking
(https://webbluetoothcg.github.io/web-bluetooth/use-cases.html#risk_unpaired_data_leak).
If anyone knows of others, please do speak up.

That does mean that the permissions UI for BLE scanning (when it
doesn't include communication) will be similar to
navigator.geolocation. However, some Chrome folks are not entirely
happy with some aspects of geolocation, so I expect we'll try to avoid
those mistakes in any new location API. I'll try to find a list of the
problems so that y'all can think about how to fix them.

I believe there are plans to coalesce multiple permission requests
into fewer user prompts. I doubt there would be a unified API, but
requesting both geolocation and BT scanning in the same turn will
hopefully only ask the user one question, if we can figure out how to
word that question. Feel free to suggest detailed UI for this.

Thanks,
Jeffrey

On Wed, Jan 14, 2015 at 5:58 PM, Neftaly Hernandez
<neftaly.hernandez@gmail.com> wrote:
> Hey, another watcher chiming in!
>
> I plan to implement similar functionality as mentioned by Scott Jenson,
> specifically for moving targets with unknown coords. I also plan to extend
> the navigator.geolocation API in JS, by implementing trilateration against
> multiple BLE beacons with precisely-known coords, in order to add several sf
> of accuracy to navigator.geolocation.coords. An example would be using the
> latter to find a specific bus platform, boarding the bus, using the prior to
> detect the bus ID, then looking up the route number & number of stops
> remaining.
>
> I feel the permissions UI for BLE.listen should be near-identical to that of
> navigator.geolocation. Adding 1 BLE beacon is already enough to de-anonymize
> the user -- adding 10 more wouldn't change anything.
>
> Are there any significant security/privacy risks to BLE.listen access,
> beyond geo data? Apologies if I've missed an earlier mention.
>
> Cheers,
> Neftaly
>
> PS: Possibly outside the scope of this discussion, but the example above
> would certainly benefit if it were possible to combine permission requests
> for both navigator.geolocation and BLE.listen into a single request.
>

Received on Thursday, 15 January 2015 03:00:00 UTC