The post suggests that limiting precision would mitigate the issue. We could do that immediately while we wait for telemetry to roll in.
The post says reducing the frequency of the readings would not be very effective, but maybe we should reduce the frequency anyway? Possibly firing an event every 100ms to 200ms to report on light conditions seems rather bad for perf/battery. On Mon, Apr 24, 2017 at 9:24 AM, Frederik Braun <[email protected]> wrote: > Hi, > > there is a relatively recent blog post [1] by Lukasz Olejnik and Artur > Janc that explains how one can steal sensitive data using the Ambient > Light Sensor API [2]. > > We ship API and its enabled by default [3,4] and it seems we have no > telemetry for this feature. > > > Unshipping for non-secure context and making it HTTPS-only wouldn't > address the attack. > > The API as implemented is using the 'devicelight' event on window. > I suppose one might also be able to implement a prompt for this, but > that doesn't sound very appealing (prompt fatigue, etc., etc.). > > > What do people think we should do about this? > > > > Cheers, > Freddy > > > > > > [1] > https://blog.lukaszolejnik.com/stealing-sensitive- > browser-data-with-the-w3c-ambient-light-sensor-api/ > [2] https://www.w3.org/TR/ambient-light/ > [3] It is behind the dom.sensors.enabled (sic!) flag. > [4] > http://searchfox.org/mozilla-central/source/dom/system/nsDeviceSensors.cpp > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
