Your browser doesn't support the features required by impress.js, so you are presented with a simplified version of this presentation.

For the best experience please use the latest Chrome, Safari or Firefox browser.

Device APIs & Privacy
Web Permissions

Dominique Hazael-Massieux
Mobile Web Initiative Activity Lead

webinos project

WWW2012 W3C Camp on Security & Privacy, April 18, Lyon

Web browsers act as a sandbox that protects the user
More recently, that sandbox is opened more and more frequently to enable a new set of interactions, in particular on mobile devices


observation or monitoring of an individual’s communications or activities [IAB] Surveillance threat

Robot images credits:

Data compromise

unauthorized or inappropriate access to stored data Data compromise threat


Acts that disturb or interrupt one’s life or activities Intrusion threat


linking of information to a particular individual Identification threat


combination of various pieces of information about an individual Correlation threat


draft TAG finding

UI Mitigation

Web Intents

Diagram of Web Intents

Limits to UI approach

Web outside of the browser

Upcoming work

Use a spacebar or arrow keys to navigate