Add camera data threat to privacy & security explainer

Question

Add camera data threat to privacy & security explainer

johnpallett opened this issue 6 years ago · 2 comments

Per discussion addressing the combination of pose and camera data probably makes sense in the explainer.

For reference, there is some early text in the privacy design proposal:

Camera Data and XRSession Data
The combination of camera data (e.g. using getUserMedia) with XRViewerPose data that is based on real-world viewer position and orientation may expose threat vectors related to real-world geometry that are not present when only camera data is available.
Such threat vectors assume that both types of data are available within a sufficiently short time interval that, given a camera frame, the viewer pose can be known at the time the frame was captured.
It is suggested that the user agent either prevent access to both types of data on the same origin within a short time interval (e.g. 2 seconds), or inform the user of the threat vectors and obtain user consent before making both types of data available.

Answer 1 · 2019-07-30T00:36:35.000Z

@NellWaliczek I haven't found firm data or a study to add to this section. I'm inclined to leave it out until we find that, WDYT?

Answer 2 · 2021-12-28T19:41:57.000Z

We don't expose this data in this module, that is up to other modules. Closing for now.