We’ll want to use it for geolocation in the future. There is already a stumbler application for http://location.services.mozilla.com/. I do not think we’d ever want to expose this on the Web.
On Nov 3, 2013, at 8:15 PM, Paul Theriault <[email protected]> wrote: > I have been thinking about what security & privacy risks are associated with > allowing 3rd party apps to access the WiFi manager API. One property this API > exposes is the MAC address of the wifi adapter. At first glance, exposing the > MAC address would seem to be a very significant privacy risk because a) its > guaranteed to be globally unique, and b) the user has no easy way to change > or cycle this identifier. Currently the API is certified only (only Mozilla > and partner apps can get access to this API) but there is a desire to open > this up for various legitimate use cases (improved geolocation accuracy via > wifi scanning for example). > > How important is it to never allow disclosure of the MAC address to 3rd party > apps ? Am I overlooking other factors which mean the work in restricting > access to the MAC is not such a valuable control ? > > To me it's similar to [1] which currently is an Implicit Privileged > permission [2]. However in that case you can always eat your SIM card if you > worried that They are on to you. > > -Paul > > [1] https://developer.mozilla.org/en-US/docs/Web/API/MozMobileNetworkInfo > [2] This means only apps reviewed by Mozilla Marketplace can get this > permission, but users are not prompted before an app can read > this_______________________________________________ > dev-privacy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-privacy _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
