Comments (2)
Thanks for the proposal. The WG has discussed this type of an attack and has decided that a spec-conformant implementation may stop the sensor or reduce accuracy when the device is vibrating. These two mitigations help address not just vibration-based fingerprinting but also e.g. password skimming attacks the WG has also investigated.
While we're here, I'd like to share that this WG responsible for the Sensor APIs is chartered with a privacy focus and works with privacy researchers to analyze new attacks and specify mitigations to them. We also work with the general public and equally appreciate your contributions.
Please let us know if this satisfies your requirements or whether you'd like to suggest normative changes or informative clarifications to the specification(s). Please note the Accelerometer spec extends the Generic Sensor API spec, and it is the latter that defines the generic mitigations. Thank you.
from accelerometer.
Since the Vibration API requires the page to have visibility and the Accelerometer API requires the page to have focus it should already be difficult (though not impossible) for the APIs to be used at the same time.
from accelerometer.
Related Issues (20)
- "includesGravity" vs "includeGravity" HOT 2
- No way to get isolated gravity
- The image is not showing in the live spec HOT 6
- Add use cases to spec
- Why unrestricted double for acceleration readings? HOT 3
- Include Known Accelerometer Privacy Exposures in Accelerometer Document HOT 3
- Should we throw exception when screen coordinate system is not supported? HOT 8
- Integration in Permission API HOT 4
- Duplicate definition of LocalCoordinateSystem HOT 2
- Image fallback code fails very badly if *both* images error HOT 1
- API Name Objection HOT 2
- device calibration of accelerometers may reveal precise hardware fingerprint
- define normative privacy mitigation
- Explain how the implementation separates gravity from linear acceleration HOT 3
- Change reporting mode to "periodic"
- Broken references in Accelerometer HOT 1
- Address DeviceOrientation issue #4 HOT 1
- Adapt spec to Automation section changes in Generic Sensor API spec
- Rename AccelerometerReading properties to x, y, z
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from accelerometer.