W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2020

[webauthn] Location extension returns the authenticator coordinates to RP without user consent (#1517)

From: Pranjal Jumde via GitHub <sysbot+gh@w3.org>
Date: Sun, 15 Nov 2020 01:25:37 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-743157217-1605403535-sysbot+gh@w3.org>
jumde has just created a new issue for https://github.com/w3c/webauthn:

== Location extension returns the authenticator coordinates to RP without user consent ==
A user consent/permission prompt should be presented to the user before returning the coordinates to the relying party. Web-pages trying to retrieve information about user's current location when the user does not wish to reveal it for example: using vpn or tor - can use this to leak the current user-coordinates.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1517 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 15 November 2020 01:25:39 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 15 November 2020 01:25:39 UTC