Hello,

After carefully analyzing the spec, it seems it could be possible to actually recover the max patterns list and max duration length values. While at this moment there is no actual apparent risk since the current implementers appear to limit the max pattern length to 128 and max duration to 10 seconds, it is not clear what could be implementing the spec in the future.

For example, an algorithm monitors DeviceOrientation events and causes a single vibration, increasing the duration while tracking the time when device is vibrating. At some point, the time would stop to ascend, indicating the platform's max duration. This is an identifier.

We could update the privacy considerations to reflect this, i.e.

"It is theoretically possible to recover the values of max length and max duration using external detection sensors. In some scenarios, those values could act as identifiers."

Once again, this concerns a situation where in some case, e.g. Web of Things devices, those values would start to be different. In any case, this would make the spec future proof.