On Thu, Jan 4, 2018 at 9:06 PM, chris <hearcomestre...@gmail.com> wrote:

> Thanks for the clarification, Martin. Providing that the UA persists
> permissions (based on user action – or perhaps also leveraging Google’s Safe
> Browsing API which Firefox and all other browsers already rely upon –
> revoked and prompted -> denied/granted), do you have any additional concerns
> about requiring secure contexts for the Sensor APIs?

To be clear: secure contexts is table stakes now. Anything that is exposed
outside of secure contexts needs a pretty strong story for why.

> If not, do you have ideal mitigation solutions given these use cases (e.g.,
> “magic windows,” WebXR [VR/AR], UI effects based on gyroscope)?

"Ideal" isn't necessarily useful. I want people to be aware when these
features are being used. Beyond that, for the features to only be available
for use when intended. These are "inputs", and when someone intentionally
activates these inputs, that is the ideal situation.

If we're talking pie in the sky, then we might also ideally remove the
side-channel information without compromising the usefulness of the APIs.

Of course, these ideals are basically impossible to assess. Even if we went
so far as to add a permissions prompt, which I'm not sure is the right answer
for this case. But we do what we can.

> Which are, in your opinion, the paramount attack vectors and mitigation
> strategies? And the limitations of the latter?

Of most concern here is the lengthy list of ways in which data might be
obtained using these APIs by the drive-by web. If there is no indication that
these APIs are in use, then a random website can use them to obtain
passwords, record audio, etc.

Note that a discreet indicator is probably not sufficient for this purpose.
The one we use for audio only really works because we also have audio
playing, which is often[1] more noticeable than the indicator.

The mitigation strategies described in the sensors API are a good baseline,
but ideally we have some way of receiving some signal that the API is being
used intentionally.

[1] Ultrasonics are a great way to exfiltrate information from a browser
without users noticing.

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
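The thread argues for three gates on the Sensor APIs: a secure context, a persisted permission decision, and some signal that use is intentional. The following is an added example, written here rather than taken from the thread or from Firefox, of how a site would apply those same gates on its own side before constructing a Generic Sensor API object, plus the Permissions-Policy header value that keeps the sensors away from third-party frames the page embeds. It assumes the standard Permissions API names `accelerometer`, `gyroscope` and `magnetometer`, and treats `navigator.userActivation` (not present in every engine) as optional; the decision logic is separated from the browser globals so it can be tested outside a browser.

```javascript
// Added example, not code from the thread or from Mozilla: gate Generic Sensor
// API use on a secure context, a persisted permission decision and an
// intentional user activation, as the message argues for.

// Permissions API names defined for the Generic Sensor API.
const SENSOR_PERMISSIONS = ['accelerometer', 'gyroscope', 'magnetometer'];

// Pure policy, free of browser globals so it can run under node for testing.
//   env.isSecureContext - value of window.isSecureContext
//   env.permissionState - 'granted' | 'prompt' | 'denied' from the Permissions API
//   env.userActivated   - whether a user gesture is currently active
function sensorAccessDecision(env) {
  if (!env.isSecureContext) {
    // The thread's first gate: nothing outside a secure context.
    return { allow: false, reason: 'insecure-context' };
  }
  switch (env.permissionState) {
    case 'denied':
      // A persisted "denied" decision is honoured without re-prompting.
      return { allow: false, reason: 'permission-denied' };
    case 'granted':
      return { allow: true, reason: 'permission-granted' };
    default:
      // 'prompt' (no persisted decision yet): only proceed from a user
      // action, so a sensor is never switched on silently at page load.
      return env.userActivated
        ? { allow: true, reason: 'user-activation' }
        : { allow: false, reason: 'needs-user-activation' };
  }
}

// Permissions-Policy header value restricting the named sensors to the
// page's own origin, so embedded third-party frames cannot read them.
function sensorPermissionsPolicy(names = SENSOR_PERMISSIONS) {
  return names.map((name) => `${name}=(self)`).join(', ');
}

// Browser-side wrapper over the real APIs. `g` defaults to the global object
// and is injectable for tests. Construct the sensor (e.g. `new g.Gyroscope()`)
// only when the returned decision has allow === true.
async function requestSensorAccess(name, g = globalThis) {
  if (!SENSOR_PERMISSIONS.includes(name)) {
    throw new Error(`unknown sensor permission: ${name}`);
  }
  let permissionState = 'prompt';
  try {
    const status = await g.navigator.permissions.query({ name });
    permissionState = status.state;
  } catch (err) {
    // An engine that does not know the name is treated as undecided,
    // never as granted.
  }
  // navigator.userActivation is an assumption here: absent means "no gesture".
  const activation = g.navigator.userActivation;
  const userActivated = Boolean(activation && activation.isActive);
  return sensorAccessDecision({
    isSecureContext: Boolean(g.isSecureContext),
    permissionState,
    userActivated,
  });
}
```

In a page, `requestSensorAccess('gyroscope')` would be called from a click or similar handler, and the server would send `Permissions-Policy: ` followed by `sensorPermissionsPolicy()` so that only the top-level origin can read the sensors at all. The point of splitting out `sensorAccessDecision` is that the policy (deny on insecure context, honour a persisted denial, require a gesture when undecided) is checkable without a browser.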