Re: [w3c/screen-orientation] Add Privacy and Security Considerations section (#115)

chaals commented on this pull request.



> @@ -895,14 +895,7 @@ <h2>Access to sensors on a user’s device</h2>
       <section>
         <h2>Access to aspects of a user’s local computing environment</h2>
         <p>
-          The screen orientation type and angle of the device can be accessed with the API specified in this document.
-        </p>
-      </section>
-
-      <section>
-        <h2>Control over a user agent’s native UI</h2>
-        <p>
-          This specification allows locking the screen orientation to a specific state.
+          The screen orientation type and angle of the device can be accessed with the API specified in this document, and can be a potential fingerprinting vector.

I think it is worth saying how weak this **potential** vector is, and that it is unlikely to be used while far stronger ones are available.

IMHO, even trying to use this in association with other data is difficult, except real-time comparison of external visual surveillance or device-orientation.

For example, adding

> Using this information for practical fingerprinting is very difficult compared to other fingerprinting information. Aggregating information derived from this API is not very helpful in fingerprinting. The Device Orientation API provides a far more detailed version of the same information. So in practice, this API's minimal fingerprinting potential is unlikely to be used by any competent attack.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/screen-orientation/pull/115#pullrequestreview-123956112

Received on Tuesday, 29 May 2018 11:50:52 UTC