The Ambient Light spec defers its security and privacy considerations to the generic sensors specification, which states
> all interfaces defined by this specification or extension specifications must only be available within a secure context.

Would we require telemetry before we restricted this to secure contexts?

On 24.04.2017 15:24, Frederik Braun wrote:
> Hi,
>
> there is a relatively recent blog post [1] by Lukasz Olejnik and Artur
> Janc that explains how one can steal sensitive data using the Ambient
> Light Sensor API [2].
>
> We ship API and it's enabled by default [3,4] and it seems we have no
> telemetry for this feature.
>
> Unshipping for non-secure context and making it HTTPS-only wouldn't
> address the attack.
>
> The API as implemented is using the 'devicelight' event on window.
> I suppose one might also be able to implement a prompt for this, but
> that doesn't sound very appealing (prompt fatigue, etc., etc.).
>
> What do people think we should do about this?
>
> Cheers,
> Freddy
>
> [1] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
> [2] https://www.w3.org/TR/ambient-light/
> [3] It is behind the dom.sensors.enabled (sic!) flag.
> [4] http://searchfox.org/mozilla-central/source/dom/system/nsDeviceSensors.cpp