Re: [w3ctag/spec-reviews] Ambient Light Sensor API (#115)

> @tobie if I understand correctly sites will be able to use the API in workers,

Not sure if that's a level 1 or 2 feature, but it's planned, yes.

> and also specify the frequency.

correct.

> The permission prompt will be standard?

If by this you mean that all sensors are considered [powerful features](https://w3c.github.io/permissions/#powerful-feature), then yes.

> In this case:
> 
> can the frequency be really custom-configured?

Yes.

> If so, let's think on addressing this one if we do not want to limit the frequency readout with some lower/upper value (sorry @torgo for not listing this more clearly anywhere)

That's indeed a fingerprinting issue we need to warn about.

> also, is a single permission prompt suitable for having the possibility to hop at all available frequencies and change them whenever a site wishes? > Would be nice to establish this one as well

My understanding from @maryammjd's comments during TPAC is that reducing poll frequency doesn't significantly reduce security risks. Given https://github.com/w3c/sensors/issues/100#issuecomment-257355433, I don't think starting/stopping and changing frequency can be effectively used as a communication channel.

> I guess I should review considerations and e.g. advise UAs to MUST log past frequencies.

Can you file an issue against the generic sensor API for this and explain the reason to do so? I'm wary of such normative requirements for this, fwiw.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/issues/115#issuecomment-257360321

Received on Monday, 31 October 2016 17:27:36 UTC