<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><span class="vcard"><a class="email" href="mailto:gman&#64;chromium.org" title="Gregg Tavares &lt;gman&#64;chromium.org&gt;"> <span class="fn">Gregg Tavares</span></a>

</span> changed

              <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes"

   href="https://bugs.webkit.org/show_bug.cgi?id=152299">bug 152299</a>

        <br>

             <table border="1" cellspacing="0" cellpadding="8">

          <tr>

            <th>What</th>

            <th>Removed</th>

            <th>Added</th>

          </tr>

         <tr>

           <td style="text-align:right;">CC</td>

           <td>

               &nbsp;

           </td>

           <td>gman&#64;chromium.org

           </td>

         </tr></table>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes"

   href="https://bugs.webkit.org/show_bug.cgi?id=152299#c8">Comment # 8</a>

              on <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes"

   href="https://bugs.webkit.org/show_bug.cgi?id=152299">bug 152299</a>

              from <span class="vcard"><a class="email" href="mailto:gman&#64;chromium.org" title="Gregg Tavares &lt;gman&#64;chromium.org&gt;"> <span class="fn">Gregg Tavares</span></a>

</span></b>

        <pre>Isn't enabling for ads precisely why this should NOT be enabled cross-domain?

Reading keystrokes from a nearby keyboard using the gyroscope

<a href="http://www.cc.gatech.edu/fac/traynor/papers/traynor-ccs11.pdf">http://www.cc.gatech.edu/fac/traynor/papers/traynor-ccs11.pdf</a>

Speech Recognition using the gyroscope

<a href="http://www.wired.co.uk/news/archive/2014-08/15/gyroscope-listening-hack">http://www.wired.co.uk/news/archive/2014-08/15/gyroscope-listening-hack</a>

Looks like it's an issue of sample rate? Faster = easier to spy.

Maybe if you're not the same domain you get a lower sample rate where as same domain you get higher (for VR like apps)?</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>