Visible to the public Shedding light on web privacy impact assessment: A case study of the Ambient Light Sensor API

TitleShedding light on web privacy impact assessment: A case study of the Ambient Light Sensor API
Publication TypeConference Paper
Year of Publication2020
AuthorsOlejnik, Lukasz
Conference Name2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW)
Date PublishedSept. 2020
PublisherIEEE
ISBN Number978-1-7281-8597-2
KeywordsAPI, Browsers, case study, compositionality, History, Human Behavior, lighting, Metrics, privacy, Privacy Engineering, privacy impact assessment, pubcrawl, resilience, Resiliency, security, Standards, W3C, Web Browser Security, Web Standards
Abstract

As modern web browsers gain new and increasingly powerful features the importance of impact assessments of the new functionality becomes crucial. A web privacy impact assessment of a planned web browser feature, the Ambient Light Sensor API, indicated risks arising from the exposure of overly precise information about the lighting conditions in the user environment. The analysis led to the demonstration of direct risks of leaks of user data, such as the list of visited websites or exfiltration of sensitive content across distinct browser contexts. Our work contributed to the creation of web standards leading to decisions by browser vendors (i.e. obsolescence, non-implementation or modification to the operation of browser features). We highlight the need to consider broad risks when making reviews of new features. We offer practically-driven high-level observations lying on the intersection of web security and privacy risk engineering and modeling, and standardization. We structure our work as a case study from activities spanning over three years.

URLhttps://ieeexplore.ieee.org/document/9229839
DOI10.1109/EuroSPW51379.2020.00048
Citation Keyolejnik_shedding_2020