Privacy Case Study: Ambient Light Sensor API

Welcome to another remote meetup!
This time we will be joined by Lukasz Olejnik, who will walk us through an Ambient Light Sensor API privacy case study.
We'll wrap things up with a short Q&A afterward.

For the majority of users, web browser is the most important computer application. Increasingly complex, exciting and rich, features are standardized by W3C and implemented in web browsers on a normal basis. New browser features introduce interesting privacy challenges for standardization, research and development. I will demonstrate a privacy case study based on the example of Ambient Light Sensor. A web privacy impact assessment of a planned web browser feature, the Ambient Light Sensor API, indicated risks arising from the exposure of overly precise information about the lighting conditions in the user environment. The analysis led to the demonstration of direct risks of leaks of user data, such as the list of visited websites or exfiltration of sensitive content across distinct browser contexts. Our work contributed to the creation of web standards leading to decisions by browser vendors (i.e. obsolescence, non-implementation or modification to the operation of browser features). We highlight the need to consider broad risks when making reviews of new features. I will suggest practically-driven high-level observations lying on the intersection of web security and privacy risk engineering and modeling, and standardization.

Dr Lukasz Olejnik acts as an independent security and privacy researcher and advisor. His experience spans research, industry, standardization, and policy. His research interests include information and computer security and privacy, user data disclosure and dissemination problems as well as privacy-sensitive matters related to web browser functionalities, web security, privacy reviews, and privacy impact assessments. His research analysing user tracking and profiling on the web has impacted web standards and web browsers.

Lukasz is a World Wide Web Consortium’s (W3C) Invited Expert, where he focuses on privacy of web standards. In 2018-2020 he was elected to the W3C’s Technical Architecture Group. Lukasz is involved in technology policy, focusing on cyber security, privacy, and data protection. He held roles as technology policy advisor at the European Parliament (working on ePrivacy), scientific advisor on cyber warfare at the International Committee of the Red Cross, with a focus on assessing the humanitarian consequences of cyber operations, and science and technology advisor at the European Data Protection Supervisor.

Read more about the case study on his website:
https://blog.lukaszolejnik.com/shedding-light-on-designing-web-features-with-privacy-risks-impact-assessments-case-study/