Your browser doesn't support the features required by impress.js, so you are presented with a simplified version of this presentation.

For the best experience please use the latest Chrome, Safari or Firefox browser.

Device APIs & Privacy
Web Permissions

Dominique Hazael-Massieux
Mobile Web Initiative Activity Lead
@dontcallmedom
dom@w3.org
W3C

WWW2012 W3C Camp on Security & Privacy, April 18, Lyon

Web browsers act as a sandbox that protects the user

More recently, that sandbox is opened more and more frequently to enable a new set of interactions, in particular on mobile devices

Surveillance

observation or monitoring of an individual’s communications or activities [IAB]

Spy via camera, microphone
Stalk with geolocation
...

Surveillance threat

Robot images credits: RoboHash.org

Data compromise

unauthorized or inappropriate access to stored data

Addressbook (premium SMS)
Calendar
…

Data compromise threat

Intrusion

Acts that disturb or interrupt one’s life or activities

Notifications
Constant prompts
Mouse lock, screen lock
…

Intrusion threat

Identification

linking of information to a particular individual

Track user across sites
Fingerprinting
Source of risks: list of attached devices and their characteristics

Identification threat

Correlation

combination of various pieces of information about an individual

High quality audio/video devices → high purchasing power
on wifi → at home or at work
…

Correlation threat

Mitigations

draft TAG finding

Action-Based Availability
Data minimization in API design
Gating access behind user interfaces

UI Mitigation

Prompts: bad UX, don’t scale
Integrated in workflow: ideal, but not always possible
Indicators: can they scale?
Web Intents

Web Intents

Diagram of Web Intents

Browser serves as broker between Web App and content/service provider
Content/service provider can be other Web app, native app, or OS service
Web App isolated from service provider

Limits to UI approach

Linked to origin; difficulty with transcluded content (e.g. iframe)
Decisions not necessarily linked to a clear goal
Multiple independent decisions: combinatorial complexity

Web outside of the browser

HTML/CSS/JS used outside of browser sandbox
Boot2Gecko, Tizen, Webinos, Windows Metro, PhoneGap
Security done at OS level
New work in W3C?

Upcoming work

TAG Task Force looking at this?
New “System-level” APIs Working Group
Webinos project
Boot2Gecko explorations
Privacy Interest Group

Use a spacebar or arrow keys to navigate