Re: [w3ctag/design-reviews] WebHID API (Human Interface Device) (#370)

> No, the final implementation will persist permissions so that the chooser dialog only needs to be shown once per origin/device pair.

Okay, we'll do the security assessment based on this information. One thing we discussed as a hypothetical attack vector is cross-origin identifier leaking through stateful HID devices - this is entirely hypothetical though.

> For instance, gamepad inputs are typically available in all apps (or browser tabs) simultaneously.

I'm not quite sure if this is the intended design or an oversight. Off the top of my head, this doesn't feel right. Will take a look at the spec on this and report back.

> Ex: WebHID can be used to control LEDs on connected HID devices. This could be used to match the color of RGB LEDs to the action of a game, or to match colors across multiple connected devices. If WebHID is only accessible to the current active tab then the LED colors cannot be changed when the tab is backgrounded, limiting possibilities for animated patterns.

So, for this particular example, LED control can potentially race (one game flashing it in orange while another game tries to flash it in green will definitely look completely bizarre), which we believe can confuse users - the easiest mitigation would be to allow only the current active tab. This unfortunately, as you mention, has limitations too - like the service worker constraint, which is an extremely good point. We'll have to give that bit some more thought.

> Can you point out which details you are concerned about?

The main bit that came up was, for example, if serial numbers of devices were surfaced, that would be an extremely reliable cross-origin tracking ID. Whether or not this would be exposed seems entirely device dependent, so whether or not that would be a problem I think depends on the number of devices that come with unique identifiers built in.

(Note: I wrote "we" above, but this isn't group thinking yet as everyone is split up in TPAC meetings.)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/370#issuecomment-531684773

Received on Monday, 16 September 2019 08:27:54 UTC