Answers to the questionnaire for Generic Sensor API can be found here.
Yes, but not directly. Ambient light sensor specification requires user permission and implementation of applicable mitigation strategies to address potential risks. For more information, please see: Security and Privacy section.
Yes, but not directly.
Sensor readings are explicitly flagged by the Secure Contexts specification [POWERFUL-FEATURES] as a high-value target for network attackers. Thus all interfaces defined by this specification or extension specifications are only available within a secure context.
Indirectly, ambient light sensor readings can be used to infer user input.
3.3 Does this specification introduce new state for an origin that persists across browsing sessions?
No.
No.
3.5 Does this specification expose any other data to an origin that it doesn’t currently have access to?
No.
No.
Not directly; yet, the sensor can be used to figure out time of the day, therefore, know rough location of the device.
Yes.
3.9 Does this specification allow an origin access to aspects of a user’s local computing environment?
Yes. If user agent has permission to access ambient light sensor, the API provides means to check if sensor is available within user’s local computing environment.
No; however it is acknowledged that:
Sensors can potentially be used in cross-device linking and tracking of a user.
See: Security & Privacy and Mitigation strategies sections.
No.
No.
No.
Specification does not restrict access to a particular mode, nor work differently. However, this can be revisited when privacy mode would be formally specified.
No.
Yes.
See: Security & Privacy section.
No.