Web Bluetooth Opens New Abusive Channels

An anonymous reader writes: Recently, browsers are starting to ship Web Bluetooth API, soon to become a component of Web of Things. Web Bluetooth will allow to connect local user devices with remote web sites. While offering new development and innovation possibilities, it may also open a number of frightening security and privacy risks such as private data leaks, abuses and complexity. Web Bluetooth as currently defined by W3C may introduce unexpected data leaks such as location, and personally-identifiable data. "There are numerous examples of data processing methods possible of extracting insight previously seemingly hidden," said Steve Hegenderfer, director of Developer Programs at the Bluetooth Special Interest Group. "With Web Bluetooth, core security and privacy responsibility is delegated to the already powerful Web browser. Browsers should consider the types of information made available to websites and act accordingly in designing their data privacy layers." Is pairing kettles with web sites a good idea?

Why not?

[nospam007]

"Is pairing kettles with web sites a good idea?"

Why not? I remember fondly the first coffeepot camera on the web, even if it 'leaked' the location of the pot and the hands of those serving themselves.

The foxes own the hen house

Web Bluetooth as currently defined by W3C may introduce unexpected data leaks such as location, and personally-identifiable data

The leaks aren't unexpected, all new web technologies are being designed that way on purpose. When advertisers make up the standards body, this is what we get.

Re:The foxes own the hen house

[AmiMoJo]

I don't really see the problem. Web site asks if it can access your Bluetooth device, just like it can already request your location and access to your webcam, and you click "no". Even better, you set the default to "no".

If the website can override that, you are screwed anyway because it already owns your computer.