-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security and Privacy considerations for ALS #13
Comments
(For the background, see @lknik's blog post: https://blog.lukaszolejnik.com/privacy-of-ambient-light-sensors/) |
What is the resolution of this issue? Asking for a friend. |
@torgo I'm catching up on this after having been out of the loop for 6 months. Will get back to you by EOY at the latest. |
You can laugh all you want. I'm serious about the schedule. |
So turned out this got even further delayed than I expected. :) Plan is to include something possibly along the lines of what @lknik pasted above. |
We might include some additional information
Probably reconsider making the sensor subject to permissions? |
All sensors based on the generic sensors API rely on the permission API by virtue of subclassing the Relying on the permission API doesn't necessarily imply actually prompting the user for permission, though. And for good reasons. "Dialog box fatigue" is a real concern, and by no means the only solution to mitigate threats. |
@lknik We are investigating different mitigation strategies for AmbientLightSensor. Could you provide details of the setup you've used, so that everyone can reproduce the results? Would be nice to know:
One of the solutions is to round-up readings. We could use simple JS wrapper, to find 'safe rounding zone' for ALS readings.
Example of how to use wrapper:
Would you have time to re-run tests that you mentioned in your blog post? For example, with different thresholds (5, 10, 20, 50)? |
Hi, The PoC shows that basically questions around types of devices (smartphone/laptops) / lighting condition (dim!) / distance to objects (walls, mirrors, face...) might miss the point. What matters is it's pretty difficult to actually fine-tune the settings. Any measurable difference may turn out to be useful. The question is: what precision is warranted by the use cases? Further quantization is the way to go, the question is - is the MQ4 suitable? AFAIK Tobie is working on some (1) permission model for testing (2) idea of a high-level permission-less API? |
I made few measurements using several devices under different environmental conditions, results can be found in this table. Normal conditions
Speculative conditions
Under normal conditions, differences between ALS readings reported for ‘white’ and ‘black’ levels are in a range of 0.05-14.03 lx. Under speculative conditions, e.g., close to a mirror or white diffuse material, max delta was 127.07 lx. When two devices are attached screen-to-screen and changing brightness levels, max delta was 478 lx. Based on the data, JS wrapper with threshold of 50 lx was used to verify that POC referred in the article is not able to provide reliable results. Drawbacks for the 50 lx threshold is that sensitivity in 0-50 lx range would be lost. After 50 lx, illuminance values for EV or light levels describing environmental conditions (light levels, EV, daylight) are increasing logarithmically, therefore, relative precision would be increasing together with illuminance values (e.g., not important if lx value is 20.000 or 20.050). |
Hey @alexshalamov - decreasing entropy sounds like a good way forward. But indeed the lower values in lx are the most "informative", as you say. I understand that the difference between 50 and 150 is significant.
Sounds like a tradeoff is a challenge here (assuming we only have the current permission models, as implemented in browsers). |
My understanding is, the light-level media query as specified cannot be implemented in an interoperable manner, and as such, is not a solution to pursue at this time. Luckily, it seems that after careful research we've identified a solution that decreases entropy without compromising known high value use cases and allows us to mitigate known attacks. I'll let @alexshalamov expand on the proposed solution with details, since that was hand-wavy on my part. When we have these details discussed and agreed upon here, we are in a better position to update the security and privacy consideration section with concrete guidance to implementers -- and can finally close this issue that's been open for a while. |
Source? The CSS WG does not seem to have an open issue about this, despite having included light-level in Mediaqueries Level 5 which it published very recently. As an aside, the note in the light-level section (copied below) is well worth a read (and might help either find alignment if some of the use cases match or, on the contrary, clarify that they're orthogonal concerns):
|
Maybe it was me 😄. I did some research after I checked light-level related discussions.
Note basically says, light-level is not mapped to real world lux values and should not be used (blindly) to e.g., adjust contrast of page because:
I still think it would be tricky to implement interoperable light-level feature that would work reliably for intended use-cases, e.g., to adjust contrast of the web page. @lknik Thanks for spending your time to check the proposal.
Sorry, maybe I didn't explain properly. Values in a range of [0-50] might be useful to destinguish between dark environmental conditions, for example 'Full moon' vs 'Overcast sunset'. I'm not sure whether it would be big problem if we would loose sensitivity in that range. So, those values are not that informative. I hope after origin trials we would get more information whether 'high precision' mode is required for ALS, then we can adjust accordingly, e.g., define permission policies based on precision of required data. |
That's not what it says. It says it doesn't specify lux values because that leaves room for implementors to set those according to the constraint listed right below it.
That's totally possible, but then the CSS WG is going to have precisely the same issues, so maybe you all should talk. |
I guess the considerations would still stand. Also, what you mean by "known attacks" might not be that future-proof. And I reiterate that any implementation of ALS might, to some extent, be used to profiling.
What I thought is that you want to expose the following values: 0, 50, 100, 150, ... - so round the reading to the closest n*50. I guess for n<20 you'd miss out on information, as for larger n's the differences aren't that large (with respect to the outside sorrounding). So my proposal:
|
@lknik, your proposal has two issues:
I think the CSS MQ use cases that involve stylesheet swithing are better handled manually in a similar fashion as many web sites do already for font size adjustment. |
Can you actually back this claim up with technical arguments? And if so, bring it up with the CSS WG who doesn't seem to mention this concern anywhere? |
@alexshalamov to take an action to bring this up with CSS WG. |
Please make sure to link to this issue when you do. It also wouldn't hurt to hear here the technical arguments as to why enum-based values wouldn't be implementable interoperabily but discrete lux values would. |
Could we include:
Or something along the lines. Feel free to modify. I'm referring to a PoC of stealing web browsing history. |
I hope this is the best place to post this (I was referred from this Chromium issue). I see there has not been much activity here recently so please let me know if there is a better place to make these comments. I work for iProov which allows users of banks and governments services to assert and confirm their identity using secure face-based authentication. We specialise in Genuine Presence Assurance so focus on ensuring that the user is a real, live, physically present person. We do this by using the screen of the device to illuminate their face with a unique sequence of colours whilst streaming a short video back to our servers. We analysis the way the light reflects off their face in real-time to ensure we are looking at a real, 3D, skin-covered human. We also check that the unique sequence of colours are correct to ensure the user is live and we are not seeing a previous authentication attempt being replayed. And we also do face verification so ensure that the correct person is presenting themselves. Our current live deployments use iOS and Android SDKs embedded into our customers apps which gives us great control over the device's hardware. However, we are getting increasing requests to provide a browser solution which is a much more constrained environment. So, we have have developed a WebRTC version which is working well and nearly ready for live deployment but there is once specific issue we would like to address which is why I am posting here. Our ability to determine the Genuine Presence of user is dependent on the ability to detect the light from the screen interacting with the user's face in the video. In direct sunlight, it is too bright to detect the reflections so we do not acquire enough evidence to correctly pass real users. In our native SDKs, we have full access to the device's hardware so we can make an accurate assessment of the ambient brightness and advise the user to find somewhere less bright to prevent them from starting in conditions where they are very likely to fail. In a browser environment, we currently have no good way to make an assessment of the ambient brightness so cannot advice the user of their current lighting conditions which increases the failure rate and frustration for the user. So, having access to the data from the Ambient Light Sensor would be a great way solve this problem for our users! I have read this thread and understand the potential privacy concerns. The current brightness limit for our solution to work is somewhere between 1500 and 2000 lux (depending on a few things like screen size and brightness) so only having accuracy to the closest 50 lux would not be a big issue for us. We are very encouraged by the potential of using this new API. What are the blockers for getting the Ambient Light Sensor data made available for everyone? I hope you find our use case compelling and maybe it will help justify the release of this feature. I would be very happy to provide more details or answer any specific questions if that would be helpful. If there is anything that we could do to help with the delivery of this feature, we would be very happy to contribute. Thank you for your consideration. |
It is at each browser's discretion when and whether to ship by default. The spec itself is ready for implementation: it has passed wide review and reached feature completeness (aka Candidate Rec), although some new features are being proposed (below). To help browsers make a shipping decision at this point, the community can help:
You just helped with the former. For the latter, the spec recommends implementations to limit maximum sampling frequency and reduce accuracy of sensor readings. As of now, frequency cap and reading accuracy are implementation details given different implementers might have different preferences. For example, Chromium project's earlier thinking was to cap ALS at 10 Hz with a 4-bit resolution limit -- this may have changed since. Additional mitigation that has been proposed recently is to add an API for requesting permission to the generic sensor framework also ALS would inherit. @Joe-Palmer, thanks for the use case. I hope this clarifies the current status. @riju will be looking at this issues from the Chromium implementation perspective. You can follow https://crbug.com/606766 for implementation updates. |
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. sensor-helpers.js now has a small RingBuffer class that is used to wrap the readings passed via MockSensor.setSensorReading() so that we iterate over the array of readings (and wrap around) and every time a reading event is fired a potentially different value is emitted. This is useful for ALS because we will no longer be able to use the same value in succession and expect two reading events to be fired (only one will). In order to make it easier to implement those changes in sensor-helpers.js, runGenericSensorTests()'s signature has been simplified and all raw readings and expected values have a standardized format, an array of arrays, where each item corresponds to one reading. This also allows us to stop using Function.prototype.bind() for the reading verification function and be more explicit in telling which expected value we want in a specific reading callback. [1] w3c/ambient-light#13 (comment) Co-author: Raphael Kubo da Costa Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. sensor-helpers.js now has a small RingBuffer class that is used to wrap the readings passed via MockSensor.setSensorReading() so that we iterate over the array of readings (and wrap around) and every time a reading event is fired a potentially different value is emitted. This is useful for ALS because we will no longer be able to use the same value in succession and expect two reading events to be fired (only one will). In order to make it easier to implement those changes in sensor-helpers.js, runGenericSensorTests()'s signature has been simplified and all raw readings and expected values have a standardized format, an array of arrays, where each item corresponds to one reading. This also allows us to stop using Function.prototype.bind() for the reading verification function and be more explicit in telling which expected value we want in a specific reading callback. [1] w3c/ambient-light#13 (comment) Co-author: Raphael Kubo da Costa Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. sensor-helpers.js now has a small RingBuffer class that is used to wrap the readings passed via MockSensor.setSensorReading() so that we iterate over the array of readings (and wrap around) and every time a reading event is fired a potentially different value is emitted. This is useful for ALS because we will no longer be able to use the same value in succession and expect two reading events to be fired (only one will). In order to make it easier to implement those changes in sensor-helpers.js, runGenericSensorTests()'s signature has been simplified and all raw readings and expected values have a standardized format, an array of arrays, where each item corresponds to one reading. This also allows us to stop using Function.prototype.bind() for the reading verification function and be more explicit in telling which expected value we want in a specific reading callback. [1] w3c/ambient-light#13 (comment) Co-author: Raphael Kubo da Costa Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. sensor-helpers.js now has a small RingBuffer class that is used to wrap the readings passed via MockSensor.setSensorReading() so that we iterate over the array of readings (and wrap around) and every time a reading event is fired a potentially different value is emitted. This is useful for ALS because we will no longer be able to use the same value in succession and expect two reading events to be fired (only one will). In order to make it easier to implement those changes in sensor-helpers.js, runGenericSensorTests()'s signature has been simplified and all raw readings and expected values have a standardized format, an array of arrays, where each item corresponds to one reading. This also allows us to stop using Function.prototype.bind() for the reading verification function and be more explicit in telling which expected value we want in a specific reading callback. [1] w3c/ambient-light#13 (comment) Co-author: Raphael Kubo da Costa Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. sensor-helpers.js now has a small RingBuffer class that is used to wrap the readings passed via MockSensor.setSensorReading() so that we iterate over the array of readings (and wrap around) and every time a reading event is fired a potentially different value is emitted. This is useful for ALS because we will no longer be able to use the same value in succession and expect two reading events to be fired (only one will). In order to make it easier to implement those changes in sensor-helpers.js, runGenericSensorTests()'s signature has been simplified and all raw readings and expected values have a standardized format, an array of arrays, where each item corresponds to one reading. This also allows us to stop using Function.prototype.bind() for the reading verification function and be more explicit in telling which expected value we want in a specific reading callback. [1] w3c/ambient-light#13 (comment) Co-author: Raphael Kubo da Costa Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. sensor-helpers.js now has a small RingBuffer class that is used to wrap the readings passed via MockSensor.setSensorReading() so that we iterate over the array of readings (and wrap around) and every time a reading event is fired a potentially different value is emitted. This is useful for ALS because we will no longer be able to use the same value in succession and expect two reading events to be fired (only one will). In order to make it easier to implement those changes in sensor-helpers.js, runGenericSensorTests()'s signature has been simplified and all raw readings and expected values have a standardized format, an array of arrays, where each item corresponds to one reading. This also allows us to stop using Function.prototype.bind() for the reading verification function and be more explicit in telling which expected value we want in a specific reading callback. [1] w3c/ambient-light#13 (comment) Co-author: Raphael Kubo da Costa Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. Blink-specific sensor tests now use a ring buffer for readings needed for sensor/ambient-light-sensor.html Details: https://chromium-review.googlesource.com/c/chromium/src/+/1760954 [1] w3c/ambient-light#13 (comment) Co-author: Raphael Kubo da Costa Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. Blink-specific sensor tests now use a ring buffer for readings needed for sensor/ambient-light-sensor.html Details: https://chromium-review.googlesource.com/c/chromium/src/+/1760954 [1] w3c/ambient-light#13 (comment) Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. Blink-specific sensor tests now use a ring buffer for readings needed for sensor/ambient-light-sensor.html Details: https://chromium-review.googlesource.com/c/chromium/src/+/1760954 [1] w3c/ambient-light#13 (comment) Bug: 642731, 606766 Change-Id: Icc4cfa6b87bd5a87c2cac6ebe322201d7dda6c33
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com> Cr-Commit-Position: refs/heads/master@{#705486}
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com> Cr-Commit-Position: refs/heads/master@{#705486}
There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com> Cr-Commit-Position: refs/heads/master@{#705486}
… readouts to the nearest 50 Lux., a=testonly Automatic update from web-platform-tests [sensors] Round off Ambient Light Sensor readouts to the nearest 50 Lux. There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com> Cr-Commit-Position: refs/heads/master@{#705486} -- wpt-commits: b5c2b81b664dbf9fccf7316017ada0878fc10fa1 wpt-pr: 19467
… readouts to the nearest 50 Lux., a=testonly Automatic update from web-platform-tests [sensors] Round off Ambient Light Sensor readouts to the nearest 50 Lux. There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com> Cr-Commit-Position: refs/heads/master@{#705486} -- wpt-commits: b5c2b81b664dbf9fccf7316017ada0878fc10fa1 wpt-pr: 19467
… readouts to the nearest 50 Lux., a=testonly Automatic update from web-platform-tests [sensors] Round off Ambient Light Sensor readouts to the nearest 50 Lux. There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillygchromium.org> Reviewed-by: Kentaro Hara <harakenchromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costaintel.com> Cr-Commit-Position: refs/heads/master{#705486} -- wpt-commits: b5c2b81b664dbf9fccf7316017ada0878fc10fa1 wpt-pr: 19467 UltraBlame original commit: 36a1b8d7d73706d8223e20f47649db4e8741d20f
… readouts to the nearest 50 Lux., a=testonly Automatic update from web-platform-tests [sensors] Round off Ambient Light Sensor readouts to the nearest 50 Lux. There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillygchromium.org> Reviewed-by: Kentaro Hara <harakenchromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costaintel.com> Cr-Commit-Position: refs/heads/master{#705486} -- wpt-commits: b5c2b81b664dbf9fccf7316017ada0878fc10fa1 wpt-pr: 19467 UltraBlame original commit: 36a1b8d7d73706d8223e20f47649db4e8741d20f
… readouts to the nearest 50 Lux., a=testonly Automatic update from web-platform-tests [sensors] Round off Ambient Light Sensor readouts to the nearest 50 Lux. There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1834346 Reviewed-by: Reilly Grant <reillygchromium.org> Reviewed-by: Kentaro Hara <harakenchromium.org> Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costaintel.com> Cr-Commit-Position: refs/heads/master{#705486} -- wpt-commits: b5c2b81b664dbf9fccf7316017ada0878fc10fa1 wpt-pr: 19467 UltraBlame original commit: 36a1b8d7d73706d8223e20f47649db4e8741d20f
I would suggest updating security/privacy considerations with the following:
The text was updated successfully, but these errors were encountered: