W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2012

Re: Device enumeration, Fingerprinting and other privacy risks

From: Rob Manson <roBman@mob-labs.com>
Date: Thu, 11 Oct 2012 20:18:26 +1100
Message-ID: <50768EE2.6040509@mob-labs.com>
To: public-media-capture@w3.org
Surely there has to be some limit to this paranoia?

It's quite possible that someone could write code to evaluate the nature 
of the device and peripherals you're using based on the quality and 
intrinsic structure of the photos and video feeds your device generates.

And the frame content can also be used for facial and object recognition 
and all kinds of other clever things.

Someone could even evaluate the audio stream of you talking to work out 
your educational background and probable race and income.

Does this really mean we should prevent devices from generating image 
content because it "could" be used in malicious ways!?

Isn't it better for us to educate users about the real security 
implications of the permissions they grant so we can get back to 
enabling the web platform and realise the amazing potential it really 
offers.

roBman


On 11/10/12 19:45, Robin Berjon wrote:
> On 10/10/2012 09:59 , Dominique Hazael-Massieux wrote:
>> I also wanted to mention another privacy risk induced by AV device
>> enumeration: getting a list of all the AV devices a user own does not
>> only allow to identify the user passively, it also leaks potentially a
>> lot of information about the user: for instance, if the user owns an
>> expensive set of AV capture devices, a Web site could assume the user is
>> wealthy, and thus start to offer its goods or services with a higher
>> price tag.
>
> It would also make for a lovely extension to http://pleaserobme.com/.
>
Received on Thursday, 11 October 2012 09:18:54 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 16:15:02 GMT