Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security/privacy consideration: cross-origin linkage #33

Closed
wseltzer opened this issue Dec 1, 2016 · 4 comments
Closed

Security/privacy consideration: cross-origin linkage #33

wseltzer opened this issue Dec 1, 2016 · 4 comments
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.

Comments

@wseltzer
Copy link
Member

wseltzer commented Dec 1, 2016

Since all origins displayed to a device will share the same pattern of device orientation changes, this API may provide an avenue for cross-origin correlation. If that threat can't be mitigated, it should at least be noted (and user agents may want to disable access or provide users a means to disable access to these data)

@dontcallmedom
Copy link
Member

one way to mitigate this (which would also help with the TouchSignatures attack) would be to restrict DeviceOrientation to visible browsing context.

@gmandyam
Copy link

I believe this topic is related to #30, and to the statement by Marcos Caceres in http://lists.w3.org/Archives/Public/public-geolocation/2017Apr/0001.html. I believe the issue raised is valid and real, but I am not detecting a consensus as to how to address it in the specification (beyond what is already in https://w3c.github.io/deviceorientation/spec-source-orientation.html#security-and-privacy, which as Marcos points out is non-normative).

alexshalamov pushed a commit to alexshalamov/deviceorientation that referenced this issue Nov 22, 2017
alexshalamov pushed a commit to alexshalamov/deviceorientation that referenced this issue Nov 29, 2017
@npdoty npdoty added the privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. label Jun 1, 2020
@rakuco
Copy link
Member

rakuco commented Feb 12, 2024

I believe this has been addressed by 4f91c34, which made the Security & Privacy section normative. Said section contains the following excerpt:

Furthermore, to minimize privacy risks, the chance of fingerprinting and other attacks the implementations must:

which matches the suggestion in #33 (comment)

rakuco pushed a commit that referenced this issue Feb 13, 2024
The requirement to only fire events on documents whose visibility state is
"visible" was already in the normative Security and Privacy section, but it
was not integrated into the algorithms that fire said events.

Related to #33.
rakuco pushed a commit that referenced this issue Feb 14, 2024
The requirement to only fire events on documents whose visibility state is
"visible" was already in the normative Security and Privacy section, but it
was not integrated into the algorithms that fire said events.

Related to #33.
@rakuco
Copy link
Member

rakuco commented Feb 14, 2024

#140 has added the visibility checks to the algorithms themselves, which was the last missing part. I think we can finally close this one!

@rakuco rakuco closed this as completed Feb 14, 2024
@w3c w3c deleted a comment May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Projects
None yet
Development

No branches or pull requests

5 participants