A. Contribution

  1. Problem addressed by the paper

Balancing functionality and privacy in a novel 3D browser that can project site’s contents into user’s room.

  1. Solution proposed in the paper. Why is it better than previous work?

This paper presents SurroundWeb, the first 3D web browser that enables web applications to project web content into a room in a manner that follows the principle of least privilege. Latest previous works research in security focuses solely on restricting application access to sensitive sensor data, while previous HCI research generally focuses on application rendering capabilities without considering their privacy implications. SurroundWeb bridges the gap between these two bodies of research.

  1. The major results.

The authors claim that a wide range of immersive experiences can be implemented with acceptable performance.

B. Basic idea and approach. How does the solution work?

Following the principle of least privilege, the authors propose three abstractions for immersive rendering: 1) the room skeleton lets applications place content in response to the physical dimensions and locations of renderable surfaces in a room; 2) the detection sandbox lets applications declaratively place content near recognized objects in the room without revealing if the object is present; and 3) satellite screens let applications display content across devices registered with SurroundWeb. Through user survey, the authors then validate that these abstractions limit the amount of revealed information to an acceptable degree.


C. Strengths

  1. It implements novel idea of 3D browser while maintaining users’ privacy.
  2. It covers more application sensor input and rendering support than previous works.

D. Weaknesses

  1. Built on top of Internet Explorer. Need to also address previous/current issues with Internet Explorer as most users have left Internet Explorer in favor of other browser such as Mozilla Firefox or Google Chrome.
  2. In the current version of SurroundWeb, there are side channels that can be abused in the detection sandbox. The authors left it for future work.
  3. It is still vulnerable to social engineering attack. For example, applications can ask users to explicitly tell them if an object is present in the room or send information about the room to the site. These attacks are not yet prevented by SurroundWeb abstractions.