Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security and Privacy Considerations #2

Open
marcoscaceres opened this issue Jul 21, 2016 · 9 comments
Open

Security and Privacy Considerations #2

marcoscaceres opened this issue Jul 21, 2016 · 9 comments

Comments

@marcoscaceres
Copy link
Member

It should be clear that there are none known at this time and the spec should encourage people report issues/concerns here on GH so that they may be included in the spec.

@anssiko
Copy link
Member

anssiko commented Feb 1, 2017

We're in process of getting the Security and Privacy story straight, and decided to have that discussion also for concrete sensor specs in the w3c/sensors repo to stay organized.

Currently, the Generic Sensor API captures the following known generic threats and discusses known mitigation strategies:
https://w3c.github.io/sensors/#security-and-privacy

The remaining open S&P issues are:
https://github.com/w3c/sensors/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20label%3Aprivacy%20label%3Asecurity

We'll waterfall sensor-specific considerations to the S&P sections of each concrete spec that extend the Generic Sensor API when done.

That said, I'll close this issues now, and encourage future feedback to the w3c/sensors repo.

@anssiko anssiko closed this as completed Feb 1, 2017
@lknik
Copy link
Contributor

lknik commented Feb 3, 2017

Hello,

I'll take care of security/privacy issues of magnetometer, as usual. In fact, I'm already onto that. Is there any deadline/preference?

@anssiko
Copy link
Member

anssiko commented Feb 3, 2017

Process-wise the spec should be feature complete when we enter Candidate Recommendation. As usual with standards, predicting timelines like that is not very useful thanks to consensus-driven process.

@lknik Your help is appreciated in closing the remaining security and privacy issues:

https://github.com/w3c/sensors/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20label%3Aprivacy%20label%3Asecurity

And if there are considerations specific to this Magnetometer spec not yet addressed in https://w3c.github.io/sensors/#security-and-privacy, I'd happily see a PR with your contributions that could be readily integrated.

@lknik
Copy link
Contributor

lknik commented Feb 7, 2017

Thanks. Magnetometer definitely has its own issues, at least for "what can be done with it". I'll do it over the next few weeks (time-wise, quite constrained recently). Is there an estimated timeline? I think so far only one implementation exists.

@lknik
Copy link
Contributor

lknik commented Jun 12, 2020

Hello

Nice survey with example interesting attacks using Generic Sensor APIs, including the option of detection of a site visited in another tab.

Do we want to update the considerations?

@anssiko
Copy link
Member

anssiko commented Jun 12, 2020

Referencing this paper from the security and privacy considerations would be helpful to inform implementers and allow them implement adequate mitigations. Feel free to submit a PR.

@lknik
Copy link
Contributor

lknik commented Jun 16, 2020

I will compose something concise (feel free to assign me). In the meantime can we (temporarily) reopen this?

@anssiko anssiko reopened this Jun 16, 2020
@anssiko
Copy link
Member

anssiko commented Jun 16, 2020

Thanks @lknik! Looking forward to your contribution.

@lknik
Copy link
Contributor

lknik commented Jun 18, 2020

Here it is #56

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants