rwaldron
commented
8 years ago This is discussed here: https://github.com/w3c/sensors/issues/28
Can you elaborate the privacy issues with the strategy discussed in that issue?
Open lknik opened 8 years ago
rwaldron
commented
8 years ago This is discussed here: https://github.com/w3c/sensors/issues/28
Can you elaborate the privacy issues with the strategy discussed in that issue?
lknik
commented
8 years ago Sure,
So from how .getAll() will work, it seems we might be interested to document the following in the considerations:
rwaldron
commented
8 years ago identifying parameters
This should be easy
sets of sensors and their physical position and location
I'm not sure we can actually ever know all of this information for all devices. Can we offer known examples?
lknik
commented
8 years ago I'd just write it down in the privacy considerations (that identifying parameters and sets of sensors with physical position) should be considered - as in the first post in this issue.
As for examples - at the moment I am unaware of any, but we could write the considerations in a generic manner. Still, if the spec considers that this information can be available (if I understand correctly, it does?), we should document that this is available through the API.
Then, if we'll have more details, we can then make an update.
So something like:
In case a sensor type has more than one sensors, identifying parameters can potentially be used for fingerprinting the user's device.
The list of sensors along with their physical location in a device can potentially be used for identifying purposes to fingerprint the user's device
rwaldron
commented
8 years ago Ok, thank you for the additional explanation and clarification
According to the spec, if a sensor type has more than one sensor it has a set of identifying parameters. How this is going to be implemented is not entirely clear to me, but I would suggest to include this into privacy considerations: