[Webkit-unassigned] [Bug 152299] [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 25 15:30:17 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=152299
Gregg Tavares <gman at chromium.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gman at chromium.org
--- Comment #8 from Gregg Tavares <gman at chromium.org> ---
Isn't enabling for ads precisely why this should NOT be enabled cross-domain?
Reading keystrokes from a nearby keyboard using the gyroscope
http://www.cc.gatech.edu/fac/traynor/papers/traynor-ccs11.pdf
Speech Recognition using the gyroscope
http://www.wired.co.uk/news/archive/2014-08/15/gyroscope-listening-hack
Looks like it's an issue of sample rate? Faster = easier to spy.
Maybe if you're not the same domain you get a lower sample rate where as same domain you get higher (for VR like apps)?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160325/e65ac865/attachment.html>
More information about the webkit-unassigned
mailing list