On 2017-04-25 00:04, Martin Thomson wrote: > I think that 60Hz is too high a rate for this. > > I suggest that we restrict this to top-level, foreground, and secure > contexts. Note that foreground is a necessary precondition for the > attack, so that restriction doesn't really help here. Critically, > rate limit access much more than the 60Hz recommended for the > accelerometer. 5Hz might be sufficient here, maybe even lower.
Note that they already talk about 2Hz being the rate they think is realistic to do their attack, and that 5Hz is probably an upper bound of their attack, so reducing it from 60 to 5 doesn't actually change anything and you would need to go even lower. You could for instance do something like only allowing it 1 time per minute, and require user approval for higher frequencies.
The other suggestion they have in their paper is to reduce the number of values you return, say 4 different values.
Kurt _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
