[ambient-light] Exfiltrating data across origins from Lukasz Olejnik via GitHub on 2017-08-28 (public-device-apis-log@w3.org from August 2017)

From: Lukasz Olejnik via GitHub <sysbot+gh@w3.org>
Date: Mon, 28 Aug 2017 19:58:39 +0000
To: public-device-apis-log@w3.org
Message-ID: <issues.opened-253438323-1503950301-sysbot+gh@w3.org>

lknik has just created a new issue for https://github.com/w3c/ambient-light:

== Exfiltrating data across origins ==
I'm making a separate issue as per @anssiko who suggested it at https://github.com/w3c/ambient-light/issues/13#issuecomment-325179063, summarising a points suggested [here](https://blog.lukaszolejnik.com/privacy-of-ambient-light-sensors/) and [here](https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/).

Here's my first proposal. We can take it from that.

> Readout of Ambient Light Sensor may potentially enable cross-origin communication or information leaks. Light sensor readouts change in response to environmental changes. Potential simple scenario could exploit the fact that light emitted from the screen is reflected back to the sensor from surface such as walls or even the the user himself/herself (i.e. his/her face). Malicious sites embedding resources from different origins could scale the content to display particular pixels in ways allowing distinguishing the contents, pixel by pixel. Another scenario could be hijacking web browser history by styling visited links in ways allowing distinguishing the detected light levels associated with with visited and unvisited links (i.e. in the simplest scenario, visited links would be styled as a block of black screen; white for unvisited). The ideal mitigation strategies for UAs is making the API subject to browser permissions since limiting frequency does not mitigate the attack, and the choice of potential precision limits would need to be made based on possibly unclear assumptions.

Additionally, feel free to put [here](https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/) in the spec references, if you think that would be helpful in explaining (and if it's in line with spec editorial guidelines).

Please view or discuss this issue at https://github.com/w3c/ambient-light/issues/37 using your GitHub account

Received on Monday, 28 August 2017 19:58:37 UTC