Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User consent for spatial computing #1386

Closed
rinchen opened this issue Sep 10, 2024 · 4 comments
Closed

User consent for spatial computing #1386

rinchen opened this issue Sep 10, 2024 · 4 comments

Comments

@rinchen
Copy link

rinchen commented Sep 10, 2024

This issue is generated from my review of w3cping/privacy-request#142

Hi,

When reviewing the spec, it was unclear to me how the spec ensures that a user appreciates and understands the power they are consenting to, and the permissions they are approving, with specific regards to facial mapping (e.g. taking a picture of your face used for avatar generation or to replicate facial expressions such as smiling and frowning) as well as overall spacial awareness.

Especially with face mapping, the potential risks for privacy issues arising from sharing this data are rather high. I wanted to inquire with the spec authors whether additional normative clarity could be provided or if non-normative suggestions might be more appropriate. Alternatively, I might have overlooked something during my review.
@rinchen rinchen mentioned this issue Sep 10, 2024
Closed
@toji
Copy link
Member

toji commented Sep 10, 2024

Hi @rinchen!

The WebXR Device API does not have any mechanism for facial tracking of the type that you describe, and no modules are in development to add it as of yet. The closest we have in terms of sensitivity of data to date is hand input, which is developed in a separate module.

We can anticipate that the group may develop such facial tracking features someday, and if we do we will treat the privacy aspect of it with the gravity that such a sensitive data set deserves. Until then the spec represents what the group feels is an appropriate approach for the level of data being exposed: individually tracked devices, such as headsets, controllers, or mobile phones.

@rinchen
Copy link
Author

rinchen commented Sep 10, 2024

Thanks @toji for the feedback and for confirming no modules are in development.

I was thinking ahead with the full spatial computing environment in mind, thinking that having some initial guidance before module development would be useful. This was influenced by another issue I filed on more precision around normative compliance. I'm happy to close this ticket with your answer as above.

@toji
Copy link
Member

toji commented Sep 10, 2024

Thanks! And rest assured that if/when any sensitive features like that are under discussion we will reach out for the PING's input!

@toji toji closed this as completed Sep 10, 2024
@rinchen
Copy link
Author

rinchen commented Sep 12, 2024

@toji And in the news today we see this. Just for background when you get to this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rinchen @toji