Answers to the questionnaire for Generic Sensor API can be found here.
Yes, but not directly. Magnetometer specification requires user permission and implementation of applicable mitigation strategies to address potential risks. For more information, please see: Security and Privacy section.
Yes, but not directly.
Sensor readings are explicitly flagged by the Secure Contexts specification [POWERFUL-FEATURES] as a high-value target for network attackers. Thus all interfaces defined by this specification or extension specifications are only available within a secure context.
Indirectly, magnetometer sensor readings can be used to infer user input.
3.3 Does this specification introduce new state for an origin that persists across browsing sessions?
No.
No.
3.5 Does this specification expose any other data to an origin that it doesn’t currently have access to?
No.
No.
Not directly; However, magnetometer data can be used in combination with other sensors to calculate, direction or due to non-uniform strength of the Earth’s magnetic field, expose or validate user location. Magnetometer requires user permission and implementation of applicable mitigation strategies to avoid potential risks.
Yes.
3.9 Does this specification allow an origin access to aspects of a user’s local computing environment?
Yes. If user agent has permission to access magnetometer, the API provides means to check if sensor is available within user’s local computing environment.
No.
No.
No.
No.
Specification does not restrict access to a particular mode, nor work differently. However, this can be revisited when privacy mode would be formally specified.
No.
Yes.
See: Security & Privacy section.
No.