W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2012

Re: Device enumeration, Fingerprinting and other privacy risks

From: Rob Manson <roBman@mob-labs.com>
Date: Thu, 11 Oct 2012 22:17:03 +1100
Message-ID: <5076AAAF.30405@mob-labs.com>
To: Robin Berjon <robin@w3.org>
CC: public-media-capture@w3.org
Hi Robin,

I'm not trying to be trollish here...it's just that fingerprinting seems 
like a knee-jerk response in this discussion that tends to shut down the 
discussion...when I really believe there is a pragmatic "middle ground" 
compromise that could be simple and useful.

> There are plenty of good reasons why a user would want to authorise a
> web site to access her camera. There are also plenty of reasons why it
> would be terribly dangerous to allow web sites to access the camera
> without user consent.

All the more reason users need to be educated.  Surely this decision is 
something that needs to be made by the user in the end?  But I don't 
think this paragraph directly relates to device enumeration does it?

> The use cases for device enumeration are far fewer and farther apart
> than those for capturing images. The risks are also lower, but not to be
> disregarded nevertheless.

What is the real world risk here based on anything that has actually 
been proposed in any draft standard?  Other than this email from you [1] 
I haven't been able to find any real discussion where it's been proposed 
that names of cameras that also may include brand names be included in 
this enumeration (happy to be proven wrong here).

I can certainly envisage a useful and pragmatic list of devices that 
defines the types and quality of images/audio that they can output. 
This doesn't require brand or model information at all.  This would 
simply allow developers to offer users a nicely designed and easy to use 
UI/UX for selecting relevant cameras.

I also think it would be constructive to separate the enumeration 
discussion from the "spatial ontology" (e.g. front/back - 
user/environment/room etc.) discussion as they really are two separate 
conceptual issues.

> Device enumeration without user consent is exactly like making users walk
> around the street all day every day with a t-shirt listing the devices that
> they own.

This is a little sensationalist isn't it Robin?  It seems to be based on 
an all or nothing view of enumeration.

"all day every day"?  Personally I choose when and where I go on the 

"listing the devices they own"? Personally I use many different browsing 
devices in different contexts. It would not be trivial for a random 
website to develop an enumerated list of "all the media capture devices 
I own".

> Device enumeration with user consent is less problematic, but it still amounts
> to walking into a shop and telling people how much you earn.

Again this assumes that the only useful way to list devices is by 
listing information about the make/model and therefore value.  I'd 
really like to challenge this assumption.

Also, device usage does not necessarily have a 1:1 mapping to personal 

> The question is simply: are those things you would do, and are those
> things you would recommend everyone do?

No that's not really the question, no I wouldn't do those things and no 
I wouldn't recommend others do either 8)

> Being considerate of users' privacy is hardly "paranoia" in my book —
> but then YMMV.

Again you seem to have assumed that my pro-enumeration view can only be 
anti-privacy.  I really would like to challenge this assumption.


Received on Thursday, 11 October 2012 11:17:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:24:37 UTC