- From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
- Date: Thu, 17 Mar 2016 13:21:20 +0000
- To: public-media-capture-logs@w3.org
Speaking as contributor: My opinion is that the rules around deviceIDs should ensure that they are no worse than cookies. If we can make them better than cookies, that is a Good Thing - but if an attacker can achieve exactly the same thing with cookies as with device IDs, I'm not going to bother defending against the same attack using device IDs; it doesn't improve the user's security. That said, I think we should close this PR - the arguments presented on the list show why persisting them when unused is a bad idea. -- GitHub Notification of comment by alvestrand Please view or discuss this issue at https://github.com/w3c/mediacapture-main/pull/326#issuecomment-197876705 using your GitHub account
Received on Thursday, 17 March 2016 13:21:22 UTC