[light, proximity] Proposed privacy considerations text for Proximity Events and Ambient Light Events specs

I have drafted proposed text to add to the currently empty Security and Privacy considerations section of the Proximity Events [1] & Ambient Light Events [2] specifications.

This proposal is based on feedback from the privacy interest group (PING) [3], [4], [5].

The following proposed text is common to both specifications, apart from the part marked [SPECIFIC] which should be replaced with the specific text that follows.

Proposed Common text:
---

4. Security and Privacy Considerations

This section is informative.

This specification does not process or link to personal information.

Privacy threats can arise when this specification is used in combination with other functionality or when used over time, specifically with the risk of correlation of data and user identification through fingerprinting. Application developers should consider how this information might be correlated with other information and the privacy risks that might create. The potential risks of collection of such data over a longer period of time should also be considered.

[SPECIFIC]

If the same JavaScript code using the API can be used simultaneously in different window contexts on the same device, it may be possible for that code to correlate the user across those two contexts, creating a new kind of tracking 'bug'.

Implementations should consider providing the user an indication of when the sensor is used and allowing the user to disable sensing.

Application developers that use this specification should perform a privacy assessment of their application taking all aspects of their application into consideration.

---

[SPECIFIC] to be replaced with the following for Proximity Events:

Variations in implementation limits of minimum and maximum sensing distance as well as event firing rates offer the possibility of fingerprinting to identify users, although this threat is relatively low considering the availability of other simpler fingerprinting possibilities. Implementations may reduce the risk by limiting the granularity and event rates.

[SPECIFIC] to be replaced with the following for Ambient Light Events:

Variations in implementation light level values as well as event firing rates offer the possibility of fingerprinting to identify users, although this threat is relatively low considering the availability of other simpler fingerprinting possibilities. Applications may reduce the risk by only using the less precise LightLevelState of 'dim', 'normal', and 'bright' and limiting event rates.

---

Comments and suggestions welcome.

regards, Frederick

Frederick Hirsch
Nokia

[1] https://dvcs.w3.org/hg/dap/raw-file/default/proximity/Overview.html

[2] https://dvcs.w3.org/hg/dap/raw-file/default/light/Overview.html

[3] http://lists.w3.org/Archives/Public/public-device-apis/2013Feb/0095.html

[4] http://lists.w3.org/Archives/Public/public-privacy/2013JanMar/0007.html

[5] http://lists.w3.org/Archives/Public/public-device-apis/2013May/0019.html

For Tracker, this should complete ACTION-622

Received on Thursday, 9 May 2013 18:23:35 UTC
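
The mitigation proposed above for Ambient Light Events (use only the coarse LightLevelState and limit event rates), shown as an added example that is not part of the original message or of either specification. The function names, the lux boundaries between states, and both sensor traces are assumptions constructed for illustration.

```javascript
// Added illustration; names, thresholds and traces are assumptions.
const DIM_BELOW_LUX = 50;       // assumed boundary, not stated in the message
const BRIGHT_ABOVE_LUX = 10000; // assumed boundary, not stated in the message

// Collapse a raw lux reading into the coarse LightLevelState.
function toLightLevelState(lux) {
  if (lux < DIM_BELOW_LUX) return 'dim';
  if (lux > BRIGHT_ABOVE_LUX) return 'bright';
  return 'normal';
}

// Wrap a handler so it sees only state changes, at most one per minIntervalMs.
// A change arriving too early is dropped; a later reading reports the state
// that is current once the interval has passed.
function coarsenLightEvents(handler, minIntervalMs, now = Date.now) {
  let lastState = null;
  let lastFired = -Infinity;
  return function onReading(lux) {
    const state = toLightLevelState(lux);
    const t = now();
    if (state === lastState || t - lastFired < minIntervalMs) return false;
    lastState = state;
    lastFired = t;
    handler(state);
    return true;
  };
}

// Replay a [timestampMs, lux] trace and return what the application would see.
function replay(trace, minIntervalMs) {
  let clock = 0;
  const seen = [];
  const onReading = coarsenLightEvents((s) => seen.push(s), minIntervalMs, () => clock);
  for (const [t, lux] of trace) { clock = t; onReading(lux); }
  return seen;
}

// Constructed traces: two hypothetical sensors with different precision and firing rates.
const deviceA = [[0, 12.7], [100, 13.1], [200, 48.9], [300, 320.4],
                 [1300, 322.0], [1400, 15230.5], [2500, 15228.1]];
const deviceB = [[0, 10], [500, 10], [1000, 320], [1500, 320],
                 [2000, 20000], [2500, 20000], [3000, 20000]];

console.log(replay(deviceA, 1000)); // coarse view of device A
console.log(replay(deviceB, 1000)); // coarse view of device B
```

Both traces reduce to the same coarse sequence, so the raw value set and firing rate that distinguish the two sensors never reach the application.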