W3C home > Mailing lists > Public > public-media-capture@w3.org > April 2013

Re: Privacy: sourceId

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 4 Apr 2013 10:46:21 +0100
Message-ID: <CADnb78jixBDotNGjBaY9f4dp49GpHBd1cszCjOuhcncTFztQJQ@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
On Thu, Apr 4, 2013 at 10:25 AM, Harald Alvestrand <harald@alvestrand.no> wrote:
> On 04/04/2013 09:56 AM, Anne van Kesteren wrote:
>> The specification should make it clear that once a user clears
>> cookies/cache for a particular origin the sourceIds generated for it
>> need to be different from the last time so they cannot be used to
>> reinstate the cookie.
>
> Would this be satisfied if getUserMedia managed a cookie per origin that it
> hashed in with the system's camera ID to produce the user-visible camera ID?

As long as that cookie is cleared too and then reinstated with a new
one that results in the hash generating a different result, sure. You
should probably additionally clarify that sourceIds are origin-scoped
(rather than "application", that's not a security concept the platform
has), unlike cookies which are publicsuffix.org-scoped (which is way
worse, but legacy yadayada).


> We wouldn't want to expose an extra cookie to the server - I'm trying to
> verify that this would satisfy the requirement.

Depends on the details :-)


--
http://annevankesteren.nl/
Received on Thursday, 4 April 2013 09:46:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:24:40 UTC