immersive-web / privacy-and-security

Cross specification concerns and suggestions for privacy and security for the immersive web (Feature lead: Mounir Lamouri)

Consider making it so that SLAM in JS is considered not a best practice #18

Open peterclemenko opened 5 years ago

peterclemenko commented 5 years ago

As per the thread here: https://twitter.com/NellWaliczek/status/1090344367053664256 and my follow-up here: https://twitter.com/aoighost/status/1090344892172304384

The idea that SLAM would be handled by JavaScript is scary as hell. A malicious site could use a modified SLAM library to stream data of a user's surroundings, or worse, use it to attack the user themselves as a means to cause physical harm to the user. This should be handled by making it codified in spec that SLAM is not handled by a server side library, but rather by the browser.

blairmacintyre commented 5 years ago

This sort of thing is the initial motivation for why we want to make it possible to do web-based AR without requiring that users expose all sensor data (especially camera images) to the JavaScript context.

That said, we can't prevent a web page (with or without a server) from doing this if the page/user gives them access to camera data -- we can't prevent it now, either. Combining camera data + WebXR does make the SLAM problem easier, but doesn't really change the nature of the problem.

peterclemenko commented 5 years ago

I understand that. It should still be documented as part of the motivation and best practices for browsers to make it clear as to why.