Re: HTML extension for system idle detection. from David Bennett on 2009-09-17 (public-webapps@w3.org from July to September 2009)

From: David Bennett <ddt@google.com>
Date: Thu, 17 Sep 2009 14:24:16 -0700
To: Jeremy Orlow <jorlow@chromium.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Arve Bersvendsen <arveb@opera.com>, "public-webapps@w3c.org" <public-webapps@w3c.org>
Message-ID: <bfeaf0180909171424m45be0f64l5eb02bf2f1a81d9b@mail.gmail.com>
On Thu, Sep 17, 2009 at 2:13 PM, Jeremy Orlow <jorlow@chromium.org> wrote:

> I don't believe that's what Frederick is talking about.  Also, fuzzing and
> rounding don't apply to the proposal you just sent out since it's now just
> an event (rather than a timer based API).


Well, there is still a query to find the idle time in a second resolution
that could be fuzzed.


> I think there is some merit to Jonas and Frederick's comments.  We are
> leaking more information (but not a lot more) about a users habits than we
> did before.  I haven't responded to them yet because I don't have a good
> answer.  :-)
>

True we are leaking a little more information, although a lot of this is
determinable using other mechanisms already although not as accurately.  It
does require the user to spend a lot of time on a specific site, or have a
specific site up in their browser all the time.  Which could already be used
for a lot of this sort of targeting.

Employers would just install an app or a plugin to the browser :)

Good luck,
David.


>
>
> On Thu, Sep 17, 2009 at 2:08 PM, David Bennett <ddt@google.com> wrote:
>
>> This is why we changed the resolution to be a second, it is a lot harder
>> to figure out traffic analysis and user analysis patterns with the lower
>> resolution idle information.
>> We discussed adding some fuzzing into the data returned, for example
>> rounding all results to be on a 15 second boundary, or on a minute boundary,
>> this sounds reasonable to me too if it will reduce privacy issues and
>> traffic analysis problems.
>>
>> Thanks,
>> David.
>>
>>
>> On Thu, Sep 17, 2009 at 1:13 PM, Frederick Hirsch <
>> frederick.hirsch@nokia.com> wrote:
>>
>>> isn't the mere knowledge of the level of activity on a device a possible
>>> privacy concern, and couldn't the pattern of activity offer a traffic
>>> analysis type opportunity?
>>>
>>> regards, Frederick
>>>
>>> Frederick Hirsch
>>> Nokia
>>>
>>>
>>>
>>>
>>> On Sep 17, 2009, at 1:35 PM, ext Jeremy Orlow wrote:
>>>
>>>  On Thu, Sep 17, 2009 at 12:50 AM, Arve Bersvendsen <arveb@opera.com>
>>>> wrote:
>>>> On Thu, 17 Sep 2009 00:05:58 +0200, David Bennett <ddt@google.com>
>>>> wrote:
>>>>
>>>> I have a proposal for an extension to javascript to enable browsers to
>>>> access system idle information.  Please give me feedback and suggestions
>>>> on the proposal.
>>>>
>>>>
>>>> What exactly are the security and privacy implications of detecting
>>>> system
>>>> idle activity in the browser?
>>>>
>>>> As far as I know, there really aren't any.  This was discussed on WhatWG
>>>> (before being directed here) and IIRC there were no serious security or
>>>> privacy concerns.  The minimum resolution of the event makes attacks based
>>>> on keystroke timing impossible.  Some people suggested that web apps could
>>>> do something "bad" while the user is away, but I don't think anyone could
>>>> come up with a good example of something "bad".  Can you think of any
>>>> specific concerns?
>>>>
>>>>
>>>> On Thu, Sep 17, 2009 at 2:43 AM, Robin Berjon <robin@berjon.com> wrote:
>>>> Hi David,
>>>>
>>>>
>>>> On Sep 17, 2009, at 00:05 , David Bennett wrote:
>>>> I have a proposal for an extension to javascript to enable browsers to
>>>> access system idle information.  Please give me feedback and suggestions on
>>>> the proposal.
>>>>
>>>> Thanks!
>>>>
>>>> SUMMARY
>>>>
>>>> There currently is no way to detect the system idle state in the
>>>> browser.  For example this makes it difficult to deal with any sort of chat
>>>> room or instant messaging client inside the browser since the idle will
>>>> always be incorrect; or allow for apps to control their speed or network
>>>> resources when a user is idle.
>>>>
>>>> This sounds like it /could/ (not sure and no promises) be an area of
>>>> work for DAP, given that it is about device/system information, and given
>>>> that I would expect the user to be in very solid control of the security
>>>> policy granting access to such information. I guess it could perhaps be
>>>> exposed as a system property, part of the System Information work.
>>>>
>>>> I'm not sure this is the type of API we need to ask the user about.  Web
>>>> apps can already detect when you're on their page, so I'm not sure how
>>>> valuable the additional information you would be leaking is.  I'd assume
>>>> browsers could have a big hammer like "disable idle reporting" for any users
>>>> who are particularly concerned.
>>>>
>>>>
>>>> In case it's not clear, I think this is a good proposal and all my
>>>> concerns were addressed in previous threads:
>>>> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2009-August/022443.html
>>>>
>>>
>>>
>>
>
Received on Thursday, 17 September 2009 21:24:57 UTC