Home

Improve Permissions with a Focus on Privacy

%3CLINGO-SUB%20id%3D%22lingo-sub-668548%22%20slang%3D%22en-US%22%3EImprove%20Permissions%20with%20a%20Focus%20on%20Privacy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-668548%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20web%20is%20increasingly%20implementing%20standards%20that%20allow%20websites%20direct%20access%20to%20hardware%20and%20other%20information%2C%20which%20could%20potentially%20be%20used%20to%20personally%20identify%20or%20otherwise%20track%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20find%20it%20highly%20ironic%20that%20we%20should%20limit%20access%20using%20permissions%20to%20extensions%20and%20apps%2C%20but%20do%20nothing%20of%20the%20sort%20when%20it%20comes%20to%20arbitrary%20websites%20on%20the%20internet.%3C%2FP%3E%3CP%3ESite%20Permissions%20exist%2C%20but%20with%20a%20focus%20on%20user%20%3CEM%3Esecurity%3C%2FEM%3E%20rather%20than%20user%20%3CEM%3Eprivacy%3C%2FEM%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPermissions%20should%20be%20improved%20with%20a%20renewed%20focus%20on%20user%20privacy%2C%20by%20adding%20or%20changing%20defaults%20for%20features%20including%20but%20not%20limited%20to%20the%20Accelerometer%2C%20Gyroscope%2C%20and%20Magnetometer%20sensors%20(called%20motion%20and%20light%20sensors)%20to%20the%20laundry%20list%20of%20Site%20Permissions.%3C%2FP%3E%3CP%3EI%20explicitly%20name%20these%20three%20sensors%20because%20they%20are%20used%20by%20the%20Apple%20Watch%2C%20in%20combination%20with%20trained%20Machine%20Learning%20models%2C%20to%20determine%20exactly%20what%20you%20are%20doing%20at%20any%20given%20moment--from%20walking%2C%20to%20getting%20in%20the%20car%2C%20to%20driving%2C%20and%20swimming.%3C%2FP%3E%3CP%3EThis%20demo%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fintel.github.io%2Fgeneric-sensor-demos%2Fpunchmeter%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fintel.github.io%2Fgeneric-sensor-demos%2Fpunchmeter%2F%3C%2FA%3E%26nbsp%3Bwill%20automatically%20run%20without%20asking%20for%20permission%20on%20phones%20running%20at%20least%20Chrome%2074.%3C%2FP%3E%3CP%3EIf%20anyone%20has%20any%20other%20suggestions%20of%20what%20should%20be%20added%20to%20site%20permissions%2C%20feel%20free%20to%20comment%20below.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-672784%22%20slang%3D%22en-US%22%3ERe%3A%20Improve%20Permissions%20with%20a%20Focus%20on%20Privacy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672784%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20great%20feedback%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F354567%22%20target%3D%22_blank%22%3E%40IllEatMyHat%3C%2FA%3E.%26nbsp%3B%20I%20will%20make%20sure%20that%20the%20right%20product%20teams%20sees%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-672879%22%20slang%3D%22en-US%22%3ERe%3A%20Improve%20Permissions%20with%20a%20Focus%20on%20Privacy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-672879%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F354567%22%20target%3D%22_blank%22%3E%40IllEatMyHat%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAmazing%20how%20smart%20various%20monitoring%20techniques%20become.%20Pls%20bring%20more%20examples%2C%20its%20a%20fascinating%20topic.%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
IllEatMyHat
Occasional Visitor

The web is increasingly implementing standards that allow websites direct access to hardware and other information, which could potentially be used to personally identify or otherwise track users.

 

I find it highly ironic that we should limit access using permissions to extensions and apps, but do nothing of the sort when it comes to arbitrary websites on the internet.

Site Permissions exist, but with a focus on user security rather than user privacy.

 

Permissions should be improved with a renewed focus on user privacy, by adding or changing defaults for features including but not limited to the Accelerometer, Gyroscope, and Magnetometer sensors (called motion and light sensors) to the laundry list of Site Permissions.

I explicitly name these three sensors because they are used by the Apple Watch, in combination with trained Machine Learning models, to determine exactly what you are doing at any given moment--from walking, to getting in the car, to driving, and swimming.

This demo: https://intel.github.io/generic-sensor-demos/punchmeter/ will automatically run without asking for permission on phones running at least Chrome 74.

If anyone has any other suggestions of what should be added to site permissions, feel free to comment below.

2 Replies

This is great feedback, @IllEatMyHat.  I will make sure that the right product teams sees this.

@IllEatMyHat 

 

Amazing how smart various monitoring techniques become. Pls bring more examples, its a fascinating topic. ;)