On Wed, Jan 10, 2018 at 4:23 AM, <cwiemeer...@mozilla.com> wrote: > 1. Lock down the Device Sensor APIs APIs in Gecko to only secure contexts, > with `deviceorientation`, `absolutedeviceorientation`, and `devicemotion` > being enabled by default.
This helps with encouraging HTTPS adoption, but it does not solve the underlying issue one bit. Secure contexts do not make a feature secure. Secure contexts are a good defense-in-depth strategy and we'll soon go all-in for new features, but they do not (and will never) address fingerprinting or tracking issues. > 2. Implement the Generic Sensor APIs in Gecko. I don't see how this helps WebVR given that Chrome throttles these APIs to address the security issues and if they're throttled they reportedly become much less useful for WebVR. (I mentioned this in the W3C TAG review you referenced and have thus far not received a reply alleviating these concerns.) -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
