limit precision to mitigate sensor calibration fingerprinting #86

Merged: 2 commits, Jun 23, 2020
30 changes: 21 additions & 9 deletions index.bs
Expand Up @@ -117,7 +117,7 @@ A device lying flat on a horizontal surface with the screen upmost has an {{Devi
<pre class="lang-json">
{x: 0,
y: 0,
z: 9.81};
z: 9.8};
</pre>
</div>
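Review bot: the `z: 9.8` value in this example is consistent with the 0.1 m/s<sup>2</sup> limit introduced later in this patch, but nothing next to the example says why the figure is rounded. A reader comparing it with standard gravity will see an unexplained change, so a short note under the example pointing at the precision requirement would help.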

Expand All @@ -126,15 +126,15 @@ A device in free-fall, with the screen horizontal and upmost, has an {{DeviceMot
<pre class="lang-json">
{x: 0,
y: 0,
z: -9.81};
z: -9.8};
</pre>
</div>

<div class="example">
A device is mounted in a vehicle, with the screen in a vertical plane, the top uppermost and facing the rear of the vehicle. The vehicle is travelling at speed v around a right-hand bend of radius r. The device records a positive x component for both {{DeviceMotionEvent/acceleration}} and {{DeviceMotionEvent/accelerationIncludingGravity}}. The device also records a negative value for {{DeviceMotionEvent/rotationRate!!attribute}}.{{DeviceMotionEventRotationRate/gamma}}:
<pre class="lang-json">
{acceleration: {x: v^2/r, y: 0, z: 0},
accelerationIncludingGravity: {x: v^2/r, y: 0, z: 9.81},
accelerationIncludingGravity: {x: v^2/r, y: 0, z: 9.8},
rotationRate: {alpha: 0, beta: 0, gamma: -v/r*180/pi} };
</pre>
</div>
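Review bot: in the vehicle example only the literal `z: 9.8` was adjusted, while `x: v^2/r` and `gamma: -v/r*180/pi` remain exact expressions. Under the new normative text those components would also be reported no more precisely than 0.1 m/s<sup>2</sup> and 0.1 deg/s. Suggest one sentence stating that the symbolic values are nominal and subject to the same limit, so the example does not appear to contradict the requirement.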
Expand Down Expand Up @@ -227,7 +227,7 @@ The static {{DeviceOrientationEvent/requestPermission()}} operation, when invoke

The event should fire whenever a significant change in orientation occurs. The definition of a significant change in this context is left to the implementation, though a maximum threshold for change of one degree is recommended. Implementations may also fire the event if they have reason to believe that the page does not have sufficiently fresh data.

The {{DeviceOrientationEvent/alpha}}, {{DeviceOrientationEvent/beta}} and {{DeviceOrientationEvent/gamma}} attributes of the event must specify the orientation of the device in terms of the transformation from a coordinate frame fixed on the Earth to a coordinate frame fixed in the device. The coordinate frames must be oriented as described below.
The {{DeviceOrientationEvent/alpha}}, {{DeviceOrientationEvent/beta}} and {{DeviceOrientationEvent/gamma}} attributes of the event must specify the orientation of the device in terms of the transformation from a coordinate frame fixed on the Earth to a coordinate frame fixed in the device. The {{DeviceOrientationEvent/alpha}}, {{DeviceOrientationEvent/beta}} and {{DeviceOrientationEvent/gamma}} attributes must be expressed in degrees and must not be more precise than 0.1 degrees. The coordinate frames must be oriented as described below.

The Earth coordinate frame is a 'East, North, Up' frame at the user's location. It has the following 3 axes, where the ground plane is tangent to the spheriod of the World Geodetic System 1984 [[WGS84]], at the user's location.
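Review bot: "must not be more precise than 0.1 degrees" in the new alpha/beta/gamma sentence does not say how precision is reduced (round to nearest, truncate, or floor) or that the reported value must be a multiple of 0.1. Implementations could differ, and a value that is merely noised rather than quantized would still leak calibration detail. Suggest specifying the operation, for example rounding to the nearest 0.1 degree before the event is initialized. The added sentence also repeats the full attribute triple from the sentence before it; "These attributes must be expressed in degrees ..." would read more cleanly.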

Expand Down Expand Up @@ -416,11 +416,11 @@ The static {{DeviceMotionEvent/requestPermission()}} operation, when invoked, mu

In the {{DeviceMotionEvent}} events fired by the user agent, the following requirements must apply:

The {{DeviceMotionEvent/acceleration}} attribute must be initialized with the acceleration of the hosting device relative to the Earth frame, expressed in the body frame, as defined in [[#deviceorientation|deviceorientation Event]] section. The acceleration must be expressed in meters per second squared (m/s2).
The {{DeviceMotionEvent/acceleration}} attribute must be initialized with the acceleration of the hosting device relative to the Earth frame, expressed in the body frame, as defined in [[#deviceorientation|deviceorientation Event]] section. The acceleration must be expressed in meters per second squared (m/s<sup>2</sup>) and must not be more precise than 0.1 m/s<sup>2</sup>.

Implementations that are unable to provide acceleration data without the effect of gravity (due, for example, to the lack of a gyroscope) may instead supply the acceleration including the effect of gravity. This is less useful in many applications but is provided as a means of providing best-effort support. In this case, the {{DeviceMotionEvent/accelerationIncludingGravity}} attribute must be initialized with the acceleration of the hosting device, plus an acceleration equal and opposite to the acceleration due to gravity. Again, the acceleration must be given in the body frame defined in [[#deviceorientation|deviceorientation Event]] section and must be expressed in meters per second squared (m/s2).
Implementations that are unable to provide acceleration data without the effect of gravity (due, for example, to the lack of a gyroscope) may instead supply the acceleration including the effect of gravity. This is less useful in many applications but is provided as a means of providing best-effort support. In this case, the {{DeviceMotionEvent/accelerationIncludingGravity}} attribute must be initialized with the acceleration of the hosting device, plus an acceleration equal and opposite to the acceleration due to gravity. Again, the acceleration must be given in the body frame defined in [[#deviceorientation|deviceorientation Event]] section and must be expressed in meters per second squared (m/s<sup>2</sup>) and must not be more precise than 0.1 m/s<sup>2</sup>.

The {{DeviceMotionEvent/rotationRate}} attribute must be initialized with the rate of rotation of the hosting device in space. It must be expressed as the rate of change of the angles defined as {{DeviceOrientationEvent/alpha}} (x axis), {{DeviceOrientationEvent/beta}} (y axis), {{DeviceOrientationEvent/gamma}} (z axis) and must be expressed in degrees per second (deg/s).
The {{DeviceMotionEvent/rotationRate}} attribute must be initialized with the rate of rotation of the hosting device in space. It must be expressed as the rate of change of the angles defined as {{DeviceOrientationEvent/alpha}} (x axis), {{DeviceOrientationEvent/beta}} (y axis), {{DeviceOrientationEvent/gamma}} (z axis). Each attribute must be expressed in degrees per second (deg/s) and must not be more precise than 0.1 degrees per second.

The {{DeviceMotionEvent/interval}} attribute must be initialized with the interval at which data is obtained from the underlying hardware and must be expressed in milliseconds (ms). It must be a constant, to simplify filtering of the data by the Web application.
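Review bot: the three precision clauses in this hunk are worded inconsistently. The rotationRate paragraph says "Each attribute must be expressed in ... and must not be more precise than ...", while the acceleration and accelerationIncludingGravity paragraphs attach the limit to "the acceleration" as a whole, leaving it implicit that it applies to each of x, y and z. Suggest the per-component wording in all three. The accelerationIncludingGravity sentence also chains "and must be expressed in ... and must not be more precise than ..."; splitting it into its own sentence, as done for rotationRate, would fix the run-on. As with the orientation angles, the rounding method is not stated.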

Expand Down Expand Up @@ -456,7 +456,7 @@ for the application to ask for <a>permission</a>.
Security and privacy considerations {#security-and-privacy}
===========================================================

The API defined in this specification can be used to obtain information from hardware sensors, such as accelerometer, gyroscope and magnetometer. Provided data may be considered as sensitive and could become a subject of attack from malicious web pages. The main attack vectors can be categorized into following categories:
The API defined in this specification can be used to obtain information from hardware sensors, such as accelerometer, gyroscope and magnetometer. Provided data may be considered as sensitive and could become a subject of attack from malicious web pages. The calibration of accelerometers, gyroscopes and magnetometers may reveal persistent details about the particular sensor hardware [[SENSORID]]. The main attack vectors can be categorized into following categories:

* Monitoring of a user input [[TOUCH]]
* Location tracking [[INDOORPOS]]
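Review bot: the new [[SENSORID]] sentence is placed between the general statement and the lead-in to the attack-vector list, so it reads as an aside rather than as one of the categorized vectors. It also says calibration "may reveal persistent details about the particular sensor hardware" without stating the consequence, which is that those details can serve as a device fingerprint. Suggest stating that explicitly and, if the list does not already cover it, adding the reference as a list item alongside [[TOUCH]] and [[INDOORPOS]].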
Expand All @@ -466,7 +466,8 @@ In light of that, implementations may consider permissions or visual indicators

* fire events only when [=active document=] is [=visible=],
* fire events only on the [=top-level browsing context=] and same-origin [=nested browsing contexts=],
* fire events only on secure browsing contexts [[!SECURE-CONTEXTS]]
* fire events only on secure browsing contexts [[!SECURE-CONTEXTS]],
* limit precision of attribute values as described in the previous sections.

Additionally, implementing these items may also have a beneficial impact on the battery life of mobile devices.
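Review bot: the new bullet "limit precision of attribute values as described in the previous sections" sits in a list of mitigations whose surrounding context reads "implementations may consider ...", while the earlier hunks in this patch state the precision limits with "must not". If the list is optional, the bullet understates a normative requirement; suggest either wording it as already required or moving it out of the optional list. "The previous sections" is also vague; linking to the deviceorientation and devicemotion sections would make the reference checkable.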

Expand Down Expand Up @@ -775,6 +776,17 @@ urlPrefix: https://html.spec.whatwg.org/multipage/
"QUATERNIONS": {
"href": "https://en.wikipedia.org/wiki/Quaternion",
"title": " Quaternions"
},
"SENSORID": {
"href": "https://doi.org/10.1109/SP.2019.00072",
"title": "SensorID: Sensor Calibration Fingerprinting for Smartphones",
"date": "2019",
"authors": [
"Zhang, Jiexin",
"Beresford, Alastair R.",
"Sheret, Ian"
],
"publisher": "IEEE Symposium on Security and Privacy"
}
}
</pre>
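Review bot: in the new "SENSORID" entry, the "publisher" field holds the venue name ("IEEE Symposium on Security and Privacy") rather than a publisher. This is a style point; suggest checking it against how the other bibliography entries in this block use "publisher" and keeping the fields consistent.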