Abstracting risks and principles from sensor APIs

[sandandsnow]

PING has been asked to review some proposed privacy risk mitigations for the Ambient Sensor API. I am mentioning this API here because: (a) the security and privacy considerations have a useful list and brief description of a range of risks (which may be useful to check against what we have in this document); and (b) as an example for drawing out higher-level privacy principles, e.g. around the concept of reducing the granularity and accuracy of sensor readings.

[lknik]

If you're a fan of high-level principles/recommendations, have a look at (including the referenced PDF): https://blog.lukaszolejnik.com/shedding-light-on-designing-web-features-with-privacy-risks-impact-assessments-case-study/
And: https://lukaszolejnik.com/AssessingPrivacyWebStandardsIWPE17.pdf

[cynthia]

(b) feels like an API design concern that trickles into privacy, and guidance might better suited for design principles rather than this doc.

[torgo]

We discussed today and it seems clear we do need something about sensors in the document. However to Sangwhan's point we shouldn't have design principles for sensor APIs here but rather just touch on the privacy-related aspects.