w3c
Privacy - identifying parameters
According to the spec, if a sensor type has more than one sensor it has a set of identifying parameters. How this is going to be implemented is not entirely clear to me, but I would suggest to include this into privacy considerations:
In case a sensor type has more than one sensors, identifying parameters can potentially be used for fingerprinting the user's device
This is discussed here: https://github.com/w3c/sensors/issues/28
Can you elaborate the privacy issues with the strategy discussed in that issue?
Sure,
So from how .getAll() will work, it seems we might be interested to document the following in the considerations:
- identifying parameters
- sets of sensors and their physical position and location
identifying parameters
This should be easy
sets of sensors and their physical position and location
I'm not sure we can actually ever know all of this information for all devices. Can we offer known examples?
I'd just write it down in the privacy considerations (that identifying parameters and sets of sensors with physical position) should be considered - as in the first post in this issue.
As for examples - at the moment I am unaware of any, but we could write the considerations in a generic manner. Still, if the spec considers that this information can be available (if I understand correctly, it does?), we should document that this is available through the API.
Then, if we'll have more details, we can then make an update.
So something like:
In case a sensor type has more than one sensors, identifying parameters can potentially be used for fingerprinting the user's device.
The list of sensors along with their physical location in a device can potentially be used for identifying purposes to fingerprint the user's device