Hi all, I understand that the privacy of users is paramount, but please let's try to find a solution to mitigate the effect instead of "just switching it off". Switching an API off that previously worked is bad for the Web as a whole, not just for the (small) percentage of sites using that API.
One of the big pillars of the Web is that is resilient. There's an implicit promise that something that you develop today will continue to work in two decades. This is a huge advantage over native apps, this is what a web developer expects, and breaking this promise could be dangerous and should be the last option. If there is a way to mitigate the risks of the attack IMO we should try that instead of removing the API. Cheers, Belén On Monday, April 24, 2017 at 3:25:05 PM UTC+2, Frederik Braun wrote: > Hi, > > there is a relatively recent blog post [1] by Lukasz Olejnik and Artur > Janc that explains how one can steal sensitive data using the Ambient > Light Sensor API [2]. > > We ship API and its enabled by default [3,4] and it seems we have no > telemetry for this feature. > > > Unshipping for non-secure context and making it HTTPS-only wouldn't > address the attack. > > The API as implemented is using the 'devicelight' event on window. > I suppose one might also be able to implement a prompt for this, but > that doesn't sound very appealing (prompt fatigue, etc., etc.). > > > What do people think we should do about this? > > > > Cheers, > Freddy > > > > > > [1] > https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ > [2] https://www.w3.org/TR/ambient-light/ > [3] It is behind the dom.sensors.enabled (sic!) flag. > [4] > http://searchfox.org/mozilla-central/source/dom/system/nsDeviceSensors.cpp _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
