-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security and Privacy Considerations #2
Comments
We're in process of getting the Security and Privacy story straight, and decided to have that discussion also for concrete sensor specs in the w3c/sensors repo to stay organized. Currently, the Generic Sensor API captures the following known generic threats and discusses known mitigation strategies: The remaining open S&P issues are: We'll waterfall sensor-specific considerations to the S&P sections of each concrete spec that extend the Generic Sensor API when done. That said, I'll close this issues now, and encourage future feedback to the w3c/sensors repo. |
Hello, I'll take care of security/privacy issues of magnetometer, as usual. In fact, I'm already onto that. Is there any deadline/preference? |
Process-wise the spec should be feature complete when we enter Candidate Recommendation. As usual with standards, predicting timelines like that is not very useful thanks to consensus-driven process. @lknik Your help is appreciated in closing the remaining security and privacy issues: And if there are considerations specific to this Magnetometer spec not yet addressed in https://w3c.github.io/sensors/#security-and-privacy, I'd happily see a PR with your contributions that could be readily integrated. |
Thanks. Magnetometer definitely has its own issues, at least for "what can be done with it". I'll do it over the next few weeks (time-wise, quite constrained recently). Is there an estimated timeline? I think so far only one implementation exists. |
Hello Nice survey with example interesting attacks using Generic Sensor APIs, including the option of detection of a site visited in another tab. Do we want to update the considerations? |
Referencing this paper from the security and privacy considerations would be helpful to inform implementers and allow them implement adequate mitigations. Feel free to submit a PR. |
I will compose something concise (feel free to assign me). In the meantime can we (temporarily) reopen this? |
Thanks @lknik! Looking forward to your contribution. |
Here it is #56 |
It should be clear that there are none known at this time and the spec should encourage people report issues/concerns here on GH so that they may be included in the spec.
The text was updated successfully, but these errors were encountered: