We used to throttle sensor events to background tabs/windows. I am not sure if 
that still works though.

----- Original Message -----
From: "Paul Theriault" <[email protected]>
To: "Jonas Sicking" <[email protected]>
Cc: [email protected], "Doug Turner" <[email protected]>
Sent: Monday, June 4, 2012 5:16:40 AM
Subject: Re: WebAPI Security Discussion: Sensor API

My main concern was side-channel attacks - there have been several 
papers released on sniffing passwords based on accelerometer 
information. Limiting access to the foreground only would be an elegant 
security solution to that specific threat. However on reflection, I 
think the permission depends on the type of sensor (or combination of 
sensors) being made available. Or is the point of this API that all 
sensors must be designed to be safe for untrusted web content?





On 6/4/12 7:22 PM, Jonas Sicking wrote:
> Why do we require explicit permission from uninstalled content?
> Currently the orientation and acceleration sensors are available to all
> uninstalled web pages in several browsers.
>
> We even currently make these sensors available when content isn't
> focused, though that's something I think we should fix.
>
> / Jonas
>
> On Thu, May 31, 2012 at 4:06 AM, [email protected]
> <[email protected]>  wrote:
>> "Final" proposal. Please reply-to [email protected] with any 
>> major issues.
>>
>> On Wednesday, 9 May 2012 04:41:46 UTC+10, Lucas Adamski  wrote:
>>> Please reply-to [email protected]
>>>
>>> Name of API: Sensor API
>>> Reference:
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=697361
>>> http://dvcs.w3.org/hg/dap/raw-file/tip/sensor-api/
>>>
>>> Brief purpose of API: Let apps access environmental sensor data gathered by 
>>> devices.
>>> General Use Cases: None
>>>
>>> Inherent threats: Privacy
>>>
>>> Threat severity: Moderate
>>>
>>> == Regular web content (unauthenticated) ==
>>> Use cases for unauthenticated code: Monitor environmental sensor data like 
>>> temperature, barometer, magnetic field,
>>> Authorization model for normal content: Explicit
>>> Authorization model for installed content: Implicit
>>> Potential mitigations: Only available to top-level content while focused
>>>
>>> == Trusted (authenticated by publisher) ==
>>> Use cases for authenticated code: Same
>>> Use cases for trusted code: Implicit
>>> Potential mitigations:
>>>
>>> == Certified (vouched for by trusted 3rd party) ==
>>> Use cases for certified code:
>>> Backlight Dimming based on ambient light
>>> Screen-off based on proximity
>>> Authorization model: Implicit
>>> Potential mitigations:
>>>
>>> Note: Many device sensor and motion use cases already covered by 
>>> DeviceOrientation / DeviceMotion API 
>>> (http://dev.w3.org/geo/api/spec-source-orientation.html)
>> _______________________________________________
>> dev-webapps mailing list
>> [email protected]
>> https://lists.mozilla.org/listinfo/dev-webapps
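Added example, not part of the thread and not Mozilla's implementation: a small model of the two mitigations discussed above, delivering sensor events only to focused top-level content versus throttling them for background content. The class, the context fields and the interval values are hypothetical, and the 50 Hz event stream is constructed.

```javascript
// Model of a sensor-event gate. SensorGate, the ctx fields and
// backgroundIntervalMs are hypothetical names used for illustration only.
class SensorGate {
  // policy "foreground-only": drop events unless ctx is top-level and focused.
  // policy "throttle-background": deliver them, but at a reduced rate.
  constructor(policy, backgroundIntervalMs = 1000) {
    this.policy = policy;
    this.backgroundIntervalMs = backgroundIntervalMs;
    this.lastDelivered = new Map(); // context id -> time of last delivery
  }

  // Returns true if a reading taken at timestampMs may be dispatched to ctx.
  shouldDeliver(ctx, timestampMs) {
    const foreground = ctx.topLevel && ctx.focused;
    if (foreground) {
      this.lastDelivered.set(ctx.id, timestampMs);
      return true;
    }
    if (this.policy === "foreground-only") return false;
    // Background or framed content: at most one event per interval.
    const last = this.lastDelivered.get(ctx.id);
    if (last !== undefined && timestampMs - last < this.backgroundIntervalMs) {
      return false;
    }
    this.lastDelivered.set(ctx.id, timestampMs);
    return true;
  }
}

// Feed a constructed stream (one reading every periodMs) through the gate
// and count how many readings the context would actually receive.
function deliveredCount(gate, ctx, durationMs = 1000, periodMs = 20) {
  let n = 0;
  for (let t = 0; t < durationMs; t += periodMs) {
    if (gate.shouldDeliver(ctx, t)) n++;
  }
  return n;
}

// Constructed contexts: a focused tab, a background tab, a focused iframe.
const focusedTab = { id: "a", topLevel: true, focused: true };
const backgroundTab = { id: "b", topLevel: true, focused: false };
const focusedIframe = { id: "c", topLevel: false, focused: true };
```

Under throttling a background context still receives a sparse stream of readings, whereas the foreground-only policy delivers none.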