Shedding light on designing web features with privacy: risks, impact assessments, case study

This post is built around my paper (presented to/at the International Workshop on Privacy Engineering) devoted to privacy assessment in web standards. After the previous one (Battery Status Not Included: Assessing Privacy in W3C Web Standards) this is the next insight in this domain. While I point out the…

Read more

Stealing sensitive browser data with the W3C Ambient Light Sensor API

In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your browser using a surprising tool: your smartphone or laptop’s ambient light sensor. In short: We provide background about the light sensor API and current discussions to expose it more broadly to websites. We…

Read more

Privacy analysis of Ambient Light Sensors

Introduction Smartphones are equipped with a sensor letting the device to detect the brightness levels in their environment (modern sensors are even capable to measure the intensity of green, red and blue lights). The simplest application of the sensor is to adjust the screen's brightness in accordance with the environment.…

Read more