Shedding light on web privacy impact assessment: A case study of the Ambient Light Sensor API
Title | Shedding light on web privacy impact assessment: A case study of the Ambient Light Sensor API |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Olejnik, Lukasz |
Conference Name | 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW) |
Date Published | Sept. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-8597-2 |
Keywords | API, Browsers, case study, compositionality, History, Human Behavior, lighting, Metrics, privacy, Privacy Engineering, privacy impact assessment, pubcrawl, resilience, Resiliency, security, Standards, W3C, Web Browser Security, Web Standards |
Abstract | As modern web browsers gain new and increasingly powerful features the importance of impact assessments of the new functionality becomes crucial. A web privacy impact assessment of a planned web browser feature, the Ambient Light Sensor API, indicated risks arising from the exposure of overly precise information about the lighting conditions in the user environment. The analysis led to the demonstration of direct risks of leaks of user data, such as the list of visited websites or exfiltration of sensitive content across distinct browser contexts. Our work contributed to the creation of web standards leading to decisions by browser vendors (i.e. obsolescence, non-implementation or modification to the operation of browser features). We highlight the need to consider broad risks when making reviews of new features. We offer practically-driven high-level observations lying on the intersection of web security and privacy risk engineering and modeling, and standardization. We structure our work as a case study from activities spanning over three years. |
URL | https://ieeexplore.ieee.org/document/9229839 |
DOI | 10.1109/EuroSPW51379.2020.00048 |
Citation Key | olejnik_shedding_2020 |