Web applications using immersive APIs may have access to real-world understanding data (e.g. real-world geometry), and may also use the camera or other sensors during scene composition and rendering (e.g. augmented reality on mobile devices). This access (or perceived access) to data presents certain threat vectors to user privacy and security.

The purpose of this repo is to explore those threat vectors and possible mitigations that may form the basis of the Privacy and Security Considerations sections for APIs related to the immersive web, as well as informing normative requirements for those APIs.

This repository is intended to include several explainers, each capturing a dimension of data access (or perception of data access) and analysing potential threat vectors and mitigations.