- From: Piotr Bialecki <notifications@github.com>
- Date: Wed, 15 Sep 2021 10:22:24 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/550/920217096@github.com>
> Hi @bialpio – @torgo, @kenchris and I looked at the issue during our Gethen vf2f and generally like the direction it is going.
>
> The solution / mitigation you describe above (degrading / fuzzing to reduce possibility of use for fingerprinting) sounds reasonable. Is there an issue in the working group that you can point to where this is being discussed? If there's active work going on on this then we can resolve our review.

There is no issue in the repo for this particular aspect of the spec (I remember exposing the ["limit the resolution"](https://immersive-web.github.io/depth-sensing/#limit-the-amount-of-information) / ["block access"](https://immersive-web.github.io/depth-sensing/#block-access) parts more prominently in the algorithms in response to feedback but I cannot find a written note about it anywhere now).

Regarding active work, do you think the current phrasing around the allowed behavior is insufficient? If so, I can expand on the existing text a bit to make it clearer that user agents are allowed to build those kinds of controls into the UX around the API.

The existing relevant paragraph is: "In order to mitigate privacy risks to the users, user agents should seek user consent prior to enabling the depth sensing API on a session. In addition, as the depth sensing technologies & hardware improve, the user agents should consider limiting the amount of information exposed through the API, or blocking access to the data returned from the API if it is not feasible to introduce such limitations. To limit the amount the information, the user agents could for example reduce the resolution of the resulting depth buffer, or reduce the precision of values present in the depth buffer (for example by quantization). User agents that decide to limit the amount of data in such way will still be considered as implementing this specification."

I don't think it'll be controversial to add more text around this, so I'll just go ahead with a PR.
-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/550#issuecomment-920217096
Received on Wednesday, 15 September 2021 17:22:37 UTC
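
The two mitigations named in the quoted spec paragraph (reducing the depth buffer's resolution and quantizing its values), sketched as an added example that is not part of the original message or the specification. The function name, the row-major `Uint16Array` layout and the use of 0 for "no data" are assumptions.

```javascript
// Added example: coarsen a depth buffer before it is exposed to page script.
// Assumptions: row-major Uint16Array of raw depth values, 0 means "no data".
function limitDepthInformation(depth, width, height, blockSize, quantStep) {
  if (depth.length !== width * height) {
    throw new RangeError("depth buffer does not match width * height");
  }
  const okInt = (n, max) => Number.isInteger(n) && n >= 1 && n <= max;
  if (!okInt(blockSize, Infinity) || !okInt(quantStep, 65535)) {
    throw new RangeError("blockSize must be >= 1, quantStep in 1..65535");
  }
  const outWidth = Math.ceil(width / blockSize);
  const outHeight = Math.ceil(height / blockSize);
  const out = new Uint16Array(outWidth * outHeight); // zero-filled
  const maxLevel = 65535 - (65535 % quantStep);      // largest representable level

  for (let oy = 0; oy < outHeight; oy++) {
    for (let ox = 0; ox < outWidth; ox++) {
      // Resolution reduction: average the valid samples of one block.
      // Blocks on the right and bottom edges may be partial.
      const yEnd = Math.min((oy + 1) * blockSize, height);
      const xEnd = Math.min((ox + 1) * blockSize, width);
      let sum = 0, count = 0;
      for (let y = oy * blockSize; y < yEnd; y++) {
        for (let x = ox * blockSize; x < xEnd; x++) {
          const v = depth[y * width + x];
          if (v !== 0) { sum += v; count++; }
        }
      }
      if (count === 0) continue; // block had no data: output stays 0
      // Precision reduction: snap to the nearest multiple of quantStep.
      // Never emit 0 for a valid sample, since 0 is reserved for "no data".
      const q = Math.round(sum / count / quantStep) * quantStep;
      out[oy * outWidth + ox] = Math.min(Math.max(q, quantStep), maxLevel);
    }
  }
  return { data: out, width: outWidth, height: outHeight };
}

// Constructed 4x4 sample buffer (not real sensor output).
const sampleDepth = Uint16Array.from([
  1003, 1007, 2011, 2013,
  1001, 1009, 2017, 2019,
     0,    0,  523,    0,
     0,    0,    0,    0,
]);
const limited = limitDepthInformation(sampleDepth, 4, 4, 2, 50);
console.log(limited.width, limited.height, Array.from(limited.data));
```

Larger `blockSize` and `quantStep` values expose less detail; both would be chosen by the user agent, not by the page.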