Giter Club home page Giter Club logo

Comments (2)

maximilianmetti avatar maximilianmetti commented on July 28, 2024

I agree that web security is an important mattter; however, I think we need to be a bit careful here when changing the spec on a feature that has been available for ~7 years. As the tip of the iceberg, as per [SECURE_CONTEXTS] all of the following sites that allow users to embed 360 video or panorama functionality in to their own web pages will break unless the top-level page also uses HTTPS:

I work with sensors using these specs on a daily basis and have read many papers that have been cited in the argument for deprecation on insecure pages. These papers, although they present impressive research, do not provide any practical analysis on how personal information could be compromised through these browser, as the academic environment and variables are different from that of this spec (including the discrepancy of the academic firing rate, typically 100-200Hz, compared to maximum 60Hz in the browser), along with other factors that make their proposed machine learning approaches scalable (such as variety of training devices). Some papers aim to address such issues but ultimately note that results degrade significantly once less academic environments are in place.

If the Generic Sensors API have a higher firing rate, we should evaluate the security of those sensors separately, though it seems hasty to cite studies to close down this longstanding spec on insecure origins when it is already deprecated for cross-origin applications, especially when the cited research variables doesn't match the spec recommendations (60Hz).

Full disclosure: I work at a company that media publishers hire to create ads that use motion sensors. Many of these companies simply cannot afford to secure their webpages due to massive traffic on their website. These companies are not malicious.

from deviceorientation.

anssiko avatar anssiko commented on July 28, 2024

Fixed in #65.

from deviceorientation.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.