13:58:02 RRSAgent has joined #dap 13:58:02 logging to http://www.w3.org/2017/05/04-dap-irc 13:58:04 RRSAgent, make logs world 13:58:04 Zakim has joined #dap 13:58:06 Zakim, this will be DAP 13:58:06 ok, trackbot 13:58:07 Meeting: Device and Sensors Working Group Teleconference 13:58:07 Date: 04 May 2017 13:58:50 Present+ Dominique_Hazael-Massieux 13:59:28 Present+ Kenneth_Christiansen 14:00:09 Agenda: https://lists.w3.org/Archives/Public/public-device-apis/2017May/0001.html 14:00:14 Present+ Alexander_Shalamov 14:00:18 fjh has changed the topic to: agenda https://lists.w3.org/Archives/Public/public-device-apis/2017May/0001.html 14:00:53 Topic: Welcome, scribe selection, agenda review, announcements 14:01:04 GitHub digest (25 April): https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0029.html 14:01:04 GitHub digest (2 May): https://lists.w3.org/Archives/Public/public-device-apis/2017May/0000.html 14:01:26 Present+ Tobie_Langel 14:02:09 anssik has joined #dap 14:02:25 Present+ Wanming_Lin 14:02:39 Present+ Anssi_Kostiainen 14:02:43 Chair: Frederick_Hirsch 14:02:53 Present+ Frederick_Hirsch 14:03:03 ScribeNick: anssik 14:03:04 rrsagent, generate minutes 14:03:04 I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh 14:03:43 TOPIC: Minutes approval 14:03:46 Approve minutes from 20 April 2017 14:03:46 https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/att-0028/minutes-2017-04-20.html 14:03:47 proposed RESOLUTION: Minutes from 20 April 2017 are approved 14:03:55 RESOLUTION: Minutes from 20 April 2017 are approved 14:04:06 TOPIC: FPWD of Orientation Sensor specification and FPWD of Motion Explainer Note 14:04:07 FPWD of Orientation Sensor specification and FPWD of Motion Explainer Note 14:04:18 Approved for publication, https://lists.w3.org/Archives/Member/chairs/2017AprJun/0028.html 14:04:26 snapshots prepared: https://lists.w3.org/Archives/Public/public-device-apis/2017May/0002.html 14:04:51 action: fjh to submit publication request for Orientation sensor and motion explainer 14:04:53 Created ACTION-798 - Submit publication request for orientation sensor and motion explainer [on Frederick Hirsch - due 2017-05-11]. 14:04:54 mikhail has joined #dap 14:04:57 thanks anssi 14:04:58 fjh: I'll proceed with the request 14:05:10 TOPIC: HTML Media Capture 14:05:14 Publication request processed; publication in progress for 4 May 2017. 14:05:14 CR publication draft fixes to fragments, https://github.com/w3c/html-media-capture/commit/e2424bb8dcbce7c479651ccc02a271c043e2a2ee 14:05:24 close ACTION-788 14:05:24 Closed ACTION-788. 14:05:29 published https://www.w3.org/TR/2017/CR-html-media-capture-20170504/ 14:05:52 TOPIC: Screen Orientation API 14:05:57 ACTION-787? 14:05:57 ACTION-787 -- Kenneth Christiansen to Review screen orientation api with alexander -- due 2017-04-15 -- OPEN 14:05:57 http://www.w3.org/2009/dap/track/actions/787 14:06:10 present+ mikhail_pozdnyakov 14:06:19 close ACTION-787 14:06:19 Closed ACTION-787. 14:07:06 shalamov: have submitted feedback via GH 14:07:16 shalamov: have a few more minor ones. Have heard nothing back from editors. 14:07:36 close ACTION-792 14:07:36 Closed ACTION-792. 14:07:42 TOPIC: Generic Sensor API 14:08:04 fjh: easy things first, we should publish a new WD 14:08:22 tobie: I wanted to do it yesterday, will do it today 14:08:27 +1 to publish 14:08:38 already agreed to do this 14:08:49 ACTION-779? 14:08:49 ACTION-779 -- Tobie Langel to Propose changes to address garbage collection issues -- due 2016-12-08 -- OPEN 14:08:49 http://www.w3.org/2009/dap/track/actions/779 14:09:01 fjh: looking through actions, did you handle the GC issue tobie 14:09:16 tobie: there's a bunch of GH issues on this topic 14:09:22 ACTION-799: issues recorded in github 14:09:22 Notes added to ACTION-799 . 14:09:28 close ACTION-799 14:09:28 Closed ACTION-799. 14:09:37 ACTION-781? 14:09:37 ACTION-781 -- Wanming Lin to Track changes in generic sensor api and update ambient light tests accordingly -- due 2016-12-08 -- OPEN 14:09:37 http://www.w3.org/2009/dap/track/actions/781 14:09:56 close ACTION-781 14:09:56 Closed ACTION-781. 14:10:20 https://github.com/w3c/web-platform-tests/tree/master/ambient-light 14:10:20 tobie: reviewed tests including ambient light 14:11:33 shalamov: I'll check if we pull in the latest wpt tests to Chromium 14:12:06 ACTION-785? 14:12:06 ACTION-785 -- Tobie Langel to Update milestones on generic sensor issues -- due 2017-03-16 -- OPEN 14:12:06 http://www.w3.org/2009/dap/track/actions/785 14:12:42 tobie to work on cleaning up issue tracker 14:13:25 tobie: triaging GH issues in progress 14:16:29 tobie: first thinking biggest issue is motion, fix permissions / privacy, then look at ALS; but since orientation sensors exist, but implementers not concerned about theoretical attacks, have use cases for ALS so no thinking deal with that first 14:16:48 s/so no/so now/ 14:18:24 alex: considering security privacy in parallel 14:18:30 ScrtibeNick: fjh 14:18:47 tobie: adding generic mitigation strategies to the spec 14:19:03 ... expanding on https://w3c.github.io/sensors/#mitigation-strategies 14:20:41 ... explaining what is in PR https://github.com/w3c/sensors/pull/191 14:21:01 https://docs.google.com/document/d/1MxrVtXkSwrduY3FlYbJe_NYwChdtEWhpFIBgoRARIn0/edit#heading=h.jgeutylz2fcp 14:21:26 https://w3c.github.io/sensors/#mitigation-strategies 14:21:50 https://github.com/w3c/sensors/pull/191 14:22:14 wanming has joined #dap 14:23:48 tobie: listing mitigation strategies is valuable since can now enable variety of use cases 14:24:39 q+ 14:25:22 tobie: working on fixes. also how to fit into HTML event loop - tests lacking on HTML side 14:25:23 tobie: in addition, I'm looking at how to integrate this with the event loop in the HTML 14:25:54 ack shalamov 14:26:57 https://docs.google.com/document/d/1Ml65ZdW5AgIsZTszk4mD_ohr40pcrdVFOIf0ZtWxDv0/edit?ts=58e6579f&pli=1#heading=h.lmg4m6asf9b4 14:27:17 “Sensor APIs implementation in Chromium: Generic Sensor Framework" 14:27:28 shalamov: few month ago, me and mikhail started to work on a design doc that try to address the permission, security and privacy issues 14:28:35 tobie: initial though this would be a quality of implementation issue turned out to be false assumption, implementers need more concrete guidance 14:28:35 s/initial/initially/ 14:29:38 threat levels, security policies, permissions etc should be in w3c spec that spans groups 14:30:00 q+ to mention interest on the previously discussed permission++ workshop 14:30:09 ack dom 14:30:09 dom, you wanted to mention interest on the previously discussed permission++ workshop 14:30:28 tobie: Generic Sensor API to define shared S&P terminology for other specs to use 14:30:45 dom: gauging interest to have a workshop around the topic 14:31:05 ... nothing to announce yet, but people at the AC meeting were supportive 14:31:26 ... ws needs to organized by Wendy and Dom, but lack of cycles currently 14:33:03 s/to/to be/ 14:33:04 q? 14:34:59 https://github.com/w3c/sensors/issues/171 14:35:09 tobie: need input from kenneth_ on an issue 171 14:35:43 kenneth_: I'll look at the issue tomorrow 14:36:02 fjh: question on threats, seems we're going back and forth 14:36:36 tobie: applicable mitigation strategies depend on the use cases and sensor types 14:37:08 s/forth/forth on whether frequency can address security-privacy threats/ 14:37:15 makes sense 14:37:47 another example of why listing threats and mitigation strategies is a good approach 14:38:04 ... it's a tradeoff, for example frequency, find a good enough frequency that allows the implementation of the use cases while still be security and privacy preserving 14:38:06 q+ 14:38:13 ack shalamov 14:38:58 shalamov: for ALS we try to mitigate risks by rounding, provide data in steps 14:39:10 ... for motion sensors, we are thinking of tackling the treats using focus state 14:39:34 s/treats/threats/ 14:39:42 ... if an input element that can be focused is focused waiting for user input, we can stop or slow the sensors down to the point they cannot be used for attacks 14:40:00 tobie: having list of risks and mitigation strategies helps us find the solutions for each of these sensors 14:40:45 anssik: is this new information, no existing knowledge on mitigations that work for the Web? 14:42:01 tobie: listing problems without offering mitigations is not enough, since security limitations on APIs may not solve right security issues and may prevent use cases 14:42:14 this is new for W3C, elsewhere listing threats along with mitigations is done 14:43:29 https://w3c.github.io/battery/#security-and-privacy-considerations 14:43:38 The user agent should not expose high precision readouts of battery status information as that can introduce a new fingerprinting vector. 14:43:59 anssik: implementers seem to ignore security and privacy considerations 14:44:08 might not if mitigations are mentioned 14:44:37 anssik: also they ignore things that are not testable 14:45:04 can make testable mitigation strategies 14:45:31 anssik: need mitigations to be interoperable 14:46:40 anssik: when are we publishing CR for generic sensor API 14:46:48 tobie: let me think about it, need to clean up document 14:46:57 tobie: will need to cleanup issues first to be able to say where we stand in terms of CR 14:47:09 tobie: 15 open issues, can get it down to 3 14:48:09 TOPIC: Ambient Light 14:48:12 ACTION-778? 14:48:12 ACTION-778 -- Dominique Hazaël-Massieux to Review tets results pull request for ambient light https://github.com/w3c/test-results/pull/72 -- due 2016-12-08 -- OPEN 14:48:12 http://www.w3.org/2009/dap/track/actions/778 14:48:31 close ACTION-778 14:48:31 Closed ACTION-778. 14:48:55 TOPIC: Wake lock 14:49:03 ACTION-774? 14:49:03 ACTION-774 -- Andrey Logvinov to Transfer https://github.com/w3c/ping/blob/master/wake-lock-privacy.md as github issues -- due 2016-09-15 -- OPEN 14:49:03 http://www.w3.org/2009/dap/track/actions/774 14:50:01 anssik: related to Ambient Light - attack Lucasz noted - interactions among sensors, possibly related to generic sensor API 14:50:32 anssik: ALS attack uses Wake Lock API to keep the screen awake 14:51:06 anssik: wake lock not shipping yet, but should take this potential attack into account 14:51:30 anssik: possible topic for workshop 14:51:54 @tobie a github issue for this on ALS 14:52:51 TOPIC: Brussels workshop 14:53:21 tobie: attended a workshop organized by UK university 14:54:00 ... workshop scope: how standards make privacy impact on users, standards process, IP, open source 14:54:24 ... I gave perspective on the W3C aspects, Lukasz shared battery paper findings 14:54:51 ... talks around fingerprinting etc. 14:56:53 tobie: Lucasz noted that often API is used for unintended use case 14:57:08 s/unintended use case/unintended use/ 14:58:46 battery status mitigations against the tracking scripts: https://github.com/w3c/battery/issues/10 14:58:55 Topic: Battery 14:59:09 ACTION-777? 14:59:09 ACTION-777 -- Anssi Kostiainen to Edit battery to document privacy concerns related to issue 5 -- due 2016-10-13 -- OPEN 14:59:09 http://www.w3.org/2009/dap/track/actions/777 14:59:17 in progress 14:59:47 Topic: Workshop 15:00:43 should we complete questionnaire given likely to have workshop instead 15:01:18 dom: sounds like workshop and issues with travel suggests not planning on TPAC 15:01:20 +1 15:02:23 anssik: can we have WG meeting in conjunction with workshop 15:02:34 dom: yes 15:03:50 anssik: would prefer not to have DAS at TPAC 15:04:05 proposed RESOLUTION: DAS will not meet at TPAC 15:04:26 dom: can scale down to simply WG meeting if workshop not possible, but expect workshop should be possible 15:04:32 dom: have smaller scale workshop 15:06:22 anssik: can you please check into possible Intel hosting 15:10:15 tobie: we need to get Google and Mozilla participation if we want permissions work to progress 15:10:56 fjh: we need to frame this workshop appropriately, so it is worthwhile and gets participation; plan for Europe, need early idea on venue to avoid later problems 15:11:07 Topic: Other Business 15:11:10 none 15:11:15 Topic: Adjourn 15:11:19 Thanks everyone 15:11:26 rrsagent, generate minutes 15:11:26 I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh 15:33:31 s/Topic: Workshop/Topic: DAS Workshop/ 15:33:35 rrsagent, generate minutes 15:33:35 I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh 15:33:58 s/ScribeNick: fjh// 15:34:05 rrsagent, generate minutes 15:34:05 I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh 15:38:12 s/minor ones/minor issues/ 15:39:29 s/+1 to publish/anssik: +1 to publish/ 15:40:39 s/ conjunction with workshop/ conjunction with workshop?/ 15:41:08 s/suggests not planning on TPAC/suggests not planning on TPAC, also Tobie noted he cannot attend TPAC/ 15:41:26 rrsagent, generate minutes 15:41:26 I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh 16:11:56 zkis has joined #dap 17:00:59 Zakim has left #dap 17:18:49 zkis has joined #dap 17:32:27 zkis has joined #dap