toji
commented
2 months ago Hi @rinchen!
The WebXR Device API does not have any mechanism for facial tracking of the type that you describe, and no modules are in development to add it as of yet. The closest we have in terms of sensitivity of data to date is hand input, which is developed in a separate module.
We can anticipate that the group may develop such facial tracking features someday, and if we do we will treat the privacy aspect of it with the gravity that such a sensitive data set deserves. Until then the spec represents what the group feels is an appropriate approach for the level of data being exposed: individually tracked devices, such as headsets, controllers, or mobile phones.
rinchen
This issue is generated from my review of https://github.com/w3cping/privacy-request/issues/142
Hi,
When reviewing the spec, it was unclear to me how the spec ensures that a user appreciates and understands the power they are consenting to, and the permissions they are approving, with specific regards to facial mapping (e.g. taking a picture of your face used for avatar generation or to replicate facial expressions such as smiling and frowning) as well as overall spacial awareness.
Especially with face mapping, the potential risks for privacy issues arising from sharing this data are rather high. I wanted to inquire with the spec authors whether additional normative clarity could be provided or if non-normative suggestions might be more appropriate. Alternatively, I might have overlooked something during my review.