Stealing sensitive browser data with the W3C Ambient Light Sensor API

In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your browser using a surprising tool: your smartphone or laptop’s ambient light sensor. In short: We provide background about the light sensor API and current discussions to expose it more broadly to websites. We…

Read more

Browsers remove functionality due to privacy

It's 2016 and we are experiencing something unprecedented in the history of the Web. Apparently, Web browsers (Firefox, Safari?) are removing parts of their functionality citing privacy concerns. This is a fascinating development. Introduction I am analysing security and privacy of modern Web for more than 8 years now. The…

Read more