Security/privacy consideration: cross-origin linkage #33
Comments
One way to mitigate this (which would also help with the TouchSignatures attack) would be to restrict DeviceOrientation to visible browsing context.
I believe this topic is related to #30, and to the statement by Marcos Caceres in http://lists.w3.org/Archives/Public/public-geolocation/2017Apr/0001.html. I believe the issue raised is valid and real, but I am not detecting a consensus as to how to address it in the specification (beyond what is already in https://w3c.github.io/deviceorientation/spec-source-orientation.html#security-and-privacy, which as Marcos points out is non-normative).
I believe this has been addressed by 4f91c34, which made the Security & Privacy section normative. Said section contains the following excerpt:
which matches the suggestion in #33 (comment)
The requirement to only fire events on documents whose visibility state is "visible" was already in the normative Security and Privacy section, but it was not integrated into the algorithms that fire said events. Related to #33.
#140 has added the visibility checks to the algorithms themselves, which was the last missing part. I think we can finally close this one!
Since all origins displayed to a device will share the same pattern of device orientation changes, this API may provide an avenue for cross-origin correlation. If that threat can't be mitigated, it should at least be noted (and user agents may want to disable access or provide users a means to disable access to these data).
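
The visibility check discussed in this thread can be modelled in a few lines. This is an added example, not code from the specification or from any participant; the document model, the function names and the sample readings are all assumptions made up for the illustration. It compares which readings two origins both receive with and without the check.

```javascript
// Added illustration: toy model of a user agent delivering orientation readings.
// Every name here is hypothetical; none is a spec or browser API.

// Constructed sample stream: one physical device, so each document would see it.
const READINGS = [
  { t: 0, alpha: 10, beta: 1, gamma: 0 },
  { t: 1, alpha: 12, beta: 2, gamma: 1 },
  { t: 2, alpha: 15, beta: 2, gamma: 3 },
  { t: 3, alpha: 11, beta: 0, gamma: 2 },
];

function makeDocument(origin, visibilityState) {
  return { origin, visibilityState, received: [] };
}

// Deliver one reading. With gating on, only documents whose visibility
// state is "visible" receive the event.
function fireOrientationEvent(documents, reading, gateOnVisibility) {
  for (const doc of documents) {
    if (gateOnVisibility && doc.visibilityState !== "visible") continue;
    doc.received.push(reading);
  }
}

// Timestamps of readings both documents observed: the shared signal that
// two origins could compare to correlate a user across sites.
function sharedReadings(docA, docB) {
  const seen = new Set(docA.received.map((r) => r.t));
  return docB.received.filter((r) => seen.has(r.t)).map((r) => r.t);
}

// sideBySide = true models two documents that are visible at the same time.
function simulate(gateOnVisibility, sideBySide = false) {
  const first = makeDocument("https://a.example", "visible");
  const second = makeDocument("https://b.example", sideBySide ? "visible" : "hidden");
  READINGS.forEach((reading, i) => {
    // Constructed scenario: the user switches tabs halfway through.
    if (!sideBySide && i === 2) {
      first.visibilityState = "hidden";
      second.visibilityState = "visible";
    }
    fireOrientationEvent([first, second], reading, gateOnVisibility);
  });
  return sharedReadings(first, second);
}
```

In this model the check removes the overlap between a foreground and a background document, while two documents that are visible at the same time still receive identical readings.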