Fix #13: Expand Security and Privacy Considerations #33

Merged
merged 4 commits into from
Aug 17, 2017

Conversation

anssiko
Member

@anssiko anssiko commented Aug 16, 2017

index.bs Outdated

To mitigate these Ambient Light Sensor specific threats, user agents should
use the following mitigation strategies:
- <a>limit maximum sampling frequency</a>, and

@alexshalamov alexshalamov Aug 16, 2017

should it be "and or"? At the moment, it sounds that UA should use both simultaneously.

Member Author

See 6cb119e

index.bs Outdated

- Information leaks about the user’s surrounding and work habits.
- Profiling. Readout from Ambient Light Sensor can potentially induce
information leaks about the user’s interests, web use and work

"web use" - Is there such term?
"work habits" - was in previous bullet.
"Information leaks about .... users’ surrounding" - was in previous bullet.

Member Author

I'll let @lknik comment on this text (a copy-paste from #13 (comment) with some very minor copyediting).

Hello indeed those were too elaborate. Feel free to simplify, i.e.

"work habits" -> "use patterns"

Profiling - you are right, unnecessary repeat.

@lknik

lknik commented Aug 16, 2017

Included a new comment at #13

@anssiko
Member Author

anssiko commented Aug 17, 2017

Updated the PR based on feedback, PTAL.

@lknik lknik left a comment

Basically fine, especially if we could include also (#13 (comment))

@anssiko
Member Author

anssiko commented Aug 17, 2017

@lknik, I added cross-origin in the profiling risk. Now we should be covered, thanks!

@anssiko anssiko merged commit 8ef5a02 into gh-pages Aug 17, 2017
@anssiko anssiko deleted the security-privacy branch August 17, 2017 10:16
index.bs Outdated
@@ -78,8 +78,8 @@ Ambient Light Sensor provides information about lighting conditions near
the device environment. Potential privacy risks include:

- Profiling. Ambient Light Sensor can leak information about user's use
patterns and surrounding. This information can be used to enhance user
profiling and behavioral analysis.
patterns and surrounding cross-origin. This information can be used to
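
Review bot: in the line "patterns and surrounding cross-origin", the qualifier "cross-origin" lands directly after "surrounding", so it reads as describing the physical surroundings rather than the channel through which the information leaks. If the intent is that sensor readings are exposed across origins, move the qualifier next to the verb, for example "can leak information cross-origin about user's use patterns and surroundings", or state the cross-origin exposure in a sentence of its own. The visible hunk also stops at "This information can be used to", so the rewrapped remainder of the sentence cannot be checked from these lines.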

Not sure about "surrounding cross-origin"? The surrounding in my mind here was the physical environment ;)

Member Author

I defer to a native speaker to give me a grammar lesson.

"Can leak information ... cross-origin."

Sounds good to me.

It's not about the language ;) Cross-origin sounds like we're speaking about web/origins. I'm speaking about surrounding, like, even the physical environment.

Member Author

Please give us a concrete suggestion. A complete sentence.

Member Author

@lknik, I'm trying to understand what is the concrete suggestion you are trying to make. Are you suggesting we remove the word "cross-origin", i.e. revert commit 77ebda1?

Yeah, revert. It ("merge") mangled a few things

Member Author

Thanks, done.
