Open MrBrain295 opened 1 year ago
Thanks for the proposal. The WG has discussed this type of attack and has decided that a spec-conformant implementation may stop the sensor or reduce accuracy when the device is vibrating. These two mitigations help address not just vibration-based fingerprinting but also e.g. password skimming attacks the WG has also investigated.
While we're here, I'd like to share that this WG responsible for the Sensor APIs is chartered with a privacy focus and works with privacy researchers to analyze new attacks and specify mitigations to them. We also work with the general public and equally appreciate your contributions.
Please let us know if this satisfies your requirements or whether you'd like to suggest normative changes or informative clarifications to the specification(s). Please note the Accelerometer spec extends the Generic Sensor API spec, and it is the latter that defines the generic mitigations. Thank you.
Since the Vibration API requires the page to have visibility and the Accelerometer API requires the page to have focus, it should already be difficult (though not impossible) for the APIs to be used at the same time.
Discussed at the TPAC 2024 F2F:
Given the mitigations discussed above, the potential attack vector is a site using both the Vibration and Accelerometer APIs at the same time to measure the vibration produced in order to fingerprint the device. This is a novel idea but requires research to demonstrate its efficacy.
If research shows that this produces useful fingerprinting data, implementations can use the approaches mentioned above to stop the sensor when the Vibration API is in use.
The accelerometer could be used to fingerprint people if it is used at the same time as the vibration API. This could be prevented by having the accelerometer disabled or collecting data at a lower accuracy when the vibration API is in use.
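The mitigation discussed in this thread (stop the sensor, or reduce its accuracy, while the device is vibrating), modelled as an added example that is not code from the specifications or from any browser. The names `vibrationWindows` and `gateReadings`, the 50 ms settle margin and the 0.5 m/s² rounding step are assumptions, and the readings are constructed.

```javascript
// Added illustration: models the "stop the sensor or reduce accuracy while
// vibrating" mitigation. Names, settleMs and step are assumptions.

// Expand a navigator.vibrate()-style pattern (a number, or alternating
// vibrate/pause durations in ms) into [start, end) windows where the motor
// is on, padded by settleMs for the ring-down.
function vibrationWindows(startMs, pattern, settleMs = 50) {
  const durations = Array.isArray(pattern) ? pattern : [pattern];
  const windows = [];
  let t = startMs;
  durations.forEach((ms, i) => {
    if (i % 2 === 0 && ms > 0) windows.push([t, t + ms + settleMs]);
    t += ms;
  });
  return windows;
}

// Round to a coarse grid; "+ 0" normalises -0 to 0.
const coarsen = (v, step) => Math.round(v / step) * step + 0;

// mode "stop": drop readings taken while vibrating.
// mode "coarsen": keep them, but at reduced accuracy.
function gateReadings(readings, windows, { mode = "stop", step = 0.5 } = {}) {
  const out = [];
  for (const r of readings) {
    const vibrating = windows.some(([s, e]) => r.t >= s && r.t < e);
    if (!vibrating) out.push(r);
    else if (mode === "coarsen") {
      out.push({ t: r.t, x: coarsen(r.x, step), y: coarsen(r.y, step), z: coarsen(r.z, step) });
    }
  }
  return out;
}

// Constructed sample: vibrate 200 ms, pause 100 ms, vibrate 200 ms, from t=1000.
const windows = vibrationWindows(1000, [200, 100, 200]);
const readings = [
  { t: 900, x: 0.01, y: 0.02, z: 9.81 },
  { t: 1100, x: 0.137, y: -0.2, z: 9.83 },
  { t: 1260, x: 0.02, y: 0.01, z: 9.8 },
  { t: 1400, x: -0.3, y: 0.26, z: 9.6 },
  { t: 1600, x: 0.0, y: 0.03, z: 9.81 },
];
const stopped = gateReadings(readings, windows);
const coarse = gateReadings(readings, windows, { mode: "coarsen" });
console.log(stopped.map((r) => r.t), coarse[1]);
```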