W3C home > Mailing lists > Public > public-html-media@w3.org > April 2016

[encrypted-media] Privacy: Prohibit access/use of sensitive data (e.g. location) by CDMs

From: ddorwin via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Apr 2016 20:30:43 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-147864814-1460493042-sysbot+gh@w3.org>
ddorwin has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Privacy: Prohibit access/use of sensitive data (e.g. location) by 
CDMs ==
In 
https://github.com/w3c/encrypted-media/issues/157#issuecomment-208844577,
 @mwatson2 says:
>For online viewing, services may indeed apply geographic 
restrictions. ...it is a server function to apply these restrictions, 
not something that is done by the DRM. This is important to recognize 
because there would be privacy implications if the CDM could access 
your location.

While we assume the CDM cannot access or use the client's/user's 
location, I'm not sure it is currently expressly prohibited by the 
spec.

More generally, the CDM should not use (have access to?) or expose 
data that is not generally available to web applications or is 
generally protected by a user permission and/or prompt. Location is a 
primary example, but there are others, both exposed to the web (i.e. 
user media, such as camera and mic) and not (i.e. LAN details or 
devices).

While the examples above may seem clear cut, the phrasing could be 
tricky, especially since unsandboxed CDMs often do have such access 
and some CDMs use, for example, Distinctive Identifiers not otherwise 
exposed.

Note that preventing exposure of such data is not sufficient since 
even use of them could allow them to be derived (i.e. via a series of 
licenses).

Please view or discuss this issue at 
https://github.com/w3c/encrypted-media/issues/158 using your GitHub 
account
Received on Tuesday, 12 April 2016 20:30:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 12 April 2016 20:30:46 UTC