Why do we require explicit permission from uninstalled content?
Currently the orientation and acceleration sensors are available to all
uninstalled web pages in several browsers.

We even currently make these sensors available when content isn't
focused, though that's something I think we should fix.

/ Jonas

On Thu, May 31, 2012 at 4:06 AM, [email protected]
<[email protected]> wrote:
> "Final" proposal. Please reply-to [email protected] with any 
> major issues.
>
> On Wednesday, 9 May 2012 04:41:46 UTC+10, Lucas Adamski wrote:
>> Please reply-to [email protected]
>>
>> Name of API: Sensor API
>> Reference:
>> https://bugzilla.mozilla.org/show_bug.cgi?id=697361
>> http://dvcs.w3.org/hg/dap/raw-file/tip/sensor-api/
>>
>> Brief purpose of API: Let apps access environmental sensor data gathered by 
>> devices.
>> General Use Cases: None
>>
>> Inherent threats: Privacy
>>
>> Threat severity: Moderate
>>
>> == Regular web content (unauthenticated) ==
>> Use cases for unauthenticated code: Monitor environmental sensor data like 
>> temperature, barometer, magnetic field,
>> Authorization model for normal content: Explicit
>> Authorization model for installed content: Implicit
>> Potential mitigations: Only available to top-level content while focused
>>
>> == Trusted (authenticated by publisher) ==
>> Use cases for authenticated code: Same
>> Use cases for trusted code: Implicit
>> Potential mitigations:
>>
>> == Certified (vouched for by trusted 3rd party) ==
>> Use cases for certified code:
>> Backlight Dimming based on ambient light
>> Screen-off based on proximity
>> Authorization model: Implicit
>> Potential mitigations:
>>
>> Note: Many device sensor and motion use cases already covered by 
>> DeviceOrientation / DeviceMotion API 
>> (http://dev.w3.org/geo/api/spec-source-orientation.html)
>
> _______________________________________________
> dev-webapps mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-webapps