[Webkit-unassigned] [Bug 152299] [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 25 21:14:26 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=152299
Rick Byers <rbyers at chromium.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rbyers at chromium.org
--- Comment #9 from Rick Byers <rbyers at chromium.org> ---
If audio / keystroke capture are really the threat here, then limiting to cross-origin iframes isn't a mitigation. Lots of legitimate sites have all sorts of third party code running in their main frame, and users visit all sorts of illegitimate sites (eg. Not safe for ads, but porn sites go ahead?). I'm skeptical that the browser provides a high enough frequency for those attacks in practice (the audio paper says explicitly that Safari is not affected).
A more rational explanation for this behavior to me may be reducing battery usage. This sort of thing would be a great discussion for https://github.com/WICG/interventions to increase the chance of interoperability around this.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160326/6985fd28/attachment-0001.html>
More information about the webkit-unassigned
mailing list