--- a/light/Overview.html Tue May 21 12:02:22 2013 +0300
+++ b/light/Overview.html Tue May 21 12:04:08 2013 +0300
@@ -391,7 +391,7 @@
</p>
<h1 class="title p-name" id="title">Ambient Light Events</h1>
- <h2 id="w3c-editor-s-draft-06-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-06">06 May 2013</time></h2>
+ <h2 id="w3c-editor-s-draft-21-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-21">21 May 2013</time></h2>
<dl>
<dt>This version:</dt>
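Review bot: The `id` on the changed `<h2>` embeds the draft date, so moving from `w3c-editor-s-draft-06-may-2013` to `w3c-editor-s-draft-21-may-2013` breaks any fragment link that targeted the old value, and it will break again on every date bump. If this heading needs an anchor at all, give it a date-independent `id` and keep the date only in the `<time>` element. The identical line in proximity/Overview.html has the same issue.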
@@ -415,6 +415,7 @@
<dd class="p-author h-card vcard"><span class="p-name fn">Anssi Kostiainen</span>, <a class="p-org org h-org h-card" href="http://intel.com/">Intel</a></dd>
+
</dl>
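Review bot: The only change in this hunk is an added empty line before `</dl>`, which has no effect on the rendered document and is unrelated to the security and privacy text this commit is about. Drop it to keep the diff limited to the substantive change. The matching hunk in proximity/Overview.html adds the same stray line.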
@@ -586,9 +587,40 @@
</p>
</section>
- <section id="security-and-privacy-considerations">
- <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2>
+ <section class="informative" id="security-and-privacy-considerations">
+ <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2><p><em>This section is non-normative.</em></p>
<p>
+ Privacy threats can arise when this specification is used in
+ combination with other functionality or when used over time,
+ specifically with the risk of correlation of data and user
+ identification through fingerprinting. Web application developers
+ using these JavaScript APIs should consider how this information might
+ be correlated with other information and the privacy risks that might
+ be created. The potential risks of collection of such data over a
+ longer period of time should also be considered.
+ </p>
+ <p>
+ Variations in implementation light level values as well as event firing
+ rates offer the possibility of fingerprinting to identify users.
+ Browser implementations may reduce the risk by only using the less
+ precise <a href="#idl-def-LightLevelState" class="idlType"><code>LightLevelState</code></a> of 'dim', 'normal', and 'bright' and limiting
+ event rates available to web application developers.
+ </p>
+ <p>
+ If the same JavasScript code using the API can be used simultaneously in
+ different window contexts on the same device it may be possible for
+ that code to correlate the user across those two contexts, creating
+ unanticipated tracking mechanisms.
+ </p>
+ <p>
+ Browser implementations should consider providing the user an
+ indication of when the sensor is used and allowing the user to disable
+ sensing.
+ </p>
+ <p>
+ Web application developers that use this specification should perform a
+ privacy assessment of their application taking all aspects of their
+ application into consideration.
</p>
</section>
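Review bot: Typo in the third added paragraph: "JavasScript" should be "JavaScript". In the second paragraph, "Variations in implementation light level values" is hard to parse; "Variations between implementations in light level values and event firing rates" says what is meant. That paragraph also names a concrete mitigation (exposing only `LightLevelState` and limiting event rates), while the cross-window correlation paragraph states the risk and offers none; either say which of the listed measures is meant to address it or state that no mitigation is proposed. Since the section is now marked non-normative, it would help to note that the lowercase "may" and "should" here are advisory.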
--- a/proximity/Overview.html Tue May 21 12:02:22 2013 +0300
+++ b/proximity/Overview.html Tue May 21 12:04:08 2013 +0300
@@ -391,7 +391,7 @@
</p>
<h1 class="title p-name" id="title">Proximity Events</h1>
- <h2 id="w3c-editor-s-draft-06-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-06">06 May 2013</time></h2>
+ <h2 id="w3c-editor-s-draft-21-may-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published" datetime="2013-05-21">21 May 2013</time></h2>
<dl>
<dt>This version:</dt>
@@ -418,6 +418,7 @@
<dd class="p-author h-card vcard"><span class="p-name fn">Dzung D Tran</span>, <a class="p-org org h-org h-card" href="http://intel.com/">Intel</a></dd>
+
</dl>
@@ -619,9 +620,40 @@
</p>
</section>
- <section id="security-and-privacy-considerations">
- <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2>
+ <section class="informative" id="security-and-privacy-considerations">
+ <!--OddPage--><h2><span class="secno">4. </span>Security and privacy considerations</h2><p><em>This section is non-normative.</em></p>
<p>
+ Privacy threats can arise when this specification is used in
+ combination with other functionality or when used over time,
+ specifically with the risk of correlation of data and user
+ identification through fingerprinting. Web application developers
+ using these JavaScript APIs should consider how this information might
+ be correlated with other information and the privacy risks that might
+ be created. The potential risks of collection of such data over a
+ longer period of time should also be considered.
+ </p>
+ <p>
+ Variations in implementation limits of minimum and maximum sensing
+ distance as well as event firing rates offer the possibility of
+ fingerprinting to identify users. Browser implementations may reduce
+ the risk by limiting the granularity and event rates available to web
+ application developers.
+ </p>
+ <p>
+ If the same JavasScript code using the API can be used simultaneously in
+ different window contexts on the same device it may be possible for
+ that code to correlate the user across those two contexts, creating
+ unanticipated tracking mechanisms.
+ </p>
+ <p>
+ Browser implementations should consider providing the user an
+ indication of when the sensor is used and allowing the user to disable
+ sensing.
+ </p>
+ <p>
+ Web application developers that use this specification should perform a
+ privacy assessment of their application taking all aspects of their
+ application into consideration.
</p>
</section>
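Review bot: The mitigation in the second added paragraph, "limiting the granularity and event rates", does not say granularity of what. The paragraph names minimum and maximum sensing distance as the fingerprinting surface, so spell out that it is the reported distance and range values that should be coarsened, in the same way the Ambient Light text points to `LightLevelState` as the less precise alternative. "JavasScript" in the third paragraph should be "JavaScript". The rest of the text is copied verbatim from light/Overview.html, so any wording fixes made there need to be mirrored here.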