(bcc security & privacy, please keep discussion on dev-webapi)

In the Idle API bug (https://bugzilla.mozilla.org/show_bug.cgi?id=715041), there was discussion around the privacy threat of websites correlating two anonymous identities by comparing system idle times. In response a 'fuzz' factor was introduced to make this attack less effective.

It occurred to me that this sort of threat occurs anywhere we fire global events such as screen orientation, sensor events, power levels, network connection information etc, since a webpage could compare the timing or values of these events to correlate two anonymous identities.

Personally I feel the privacy risk is low (likely, but low impact) - this is basically just an extension of fingerprinting, and there isn't a lot we can meaningfully do to reduce the attack. Adding 'fuzz' to these sensor events often directly reduces their usefulness. But I wanted to put this question to the list to get more viewpoints.

Apart from reducing the resolution of these events, the only other mitigation I can think of is restricting event delivery to foreground content, which may impact valid use cases.

Thoughts?

(PS in any case, I think this is probably too low a risk to be worrying about for base camp, but just wanted to have the discussion.)
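
The two mitigations named in the message above (fuzz and reduced resolution), measured on sample data, as an added example that is not part of the original post. All names, timestamps and the deterministic fuzz formula are assumptions made for illustration; a real implementation would draw the delay from a random source.

```javascript
// Constructed sample data: times (ms) at which a global event fired on two devices.
const deviceA = [1200, 48750, 93310, 151020, 207640, 262415];
const deviceB = [5300, 39900, 101850, 140200, 215990, 270100];

// Stand-in for per-context fuzz: each browsing context delays every event by a
// different amount below maxFuzzMs. Deterministic here so the run is repeatable.
function fuzz(times, contextSalt, maxFuzzMs) {
  return times.map((t, i) => t + (i * 7919 + contextSalt * 104729) % maxFuzzMs);
}

// Reduced resolution: report only the start of the stepMs-wide bucket.
function quantize(times, stepMs) {
  return times.map((t) => Math.floor(t / stepMs) * stepMs);
}

// Fraction of events in `a` that have a counterpart in `b` within toleranceMs.
function matchScore(a, b, toleranceMs) {
  const hits = a.filter((t) => b.some((u) => Math.abs(t - u) <= toleranceMs));
  return hits.length / a.length;
}

// How well timing separates "same device, two contexts" from "different devices":
// 1 = fully linkable, 0 = timing carries no linking signal at this tolerance.
function separation(sameCtx1, sameCtx2, otherDevice, toleranceMs) {
  return matchScore(sameCtx1, sameCtx2, toleranceMs) -
         matchScore(sameCtx1, otherDevice, toleranceMs);
}

// Compare unmodified delivery with the two mitigations at one tolerance.
function evaluate(toleranceMs) {
  return {
    raw: separation(deviceA, deviceA, deviceB, toleranceMs),
    fuzzed: separation(fuzz(deviceA, 1, 10000), fuzz(deviceA, 2, 10000),
                       fuzz(deviceB, 3, 10000), toleranceMs),
    quantized: separation(quantize(deviceA, 60000), quantize(deviceA, 60000),
                          quantize(deviceB, 60000), toleranceMs),
  };
}

console.log(evaluate(50));
```

The quantized case reaches 0 because both devices collapse into the same one-minute buckets, so the linking signal and the event's precision disappear together.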