W3C home > Mailing lists > Public > public-media-capture@w3.org > November 2013

Re: Leakage (Re: Requirements on mandatory constraints (ACTION-27))

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Mon, 25 Nov 2013 14:59:34 -0500
Message-ID: <5293AC26.8080505@bbs.darktech.org>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 25/11/2013 2:37 PM, Martin Thomson wrote:
> On 25 November 2013 11:07, cowwoc <cowwoc@bbs.darktech.org> wrote:
>> Even if we don't need any extra flexibility, my proposal (allowing
>> developers to pass in a filter function) would provide you as much
>> flexibility as you'll ever need without the risk of fingerprinting. Isn't it
>> better to tackle fingerprinting in a more consistent manner as I have
>> described? You could reuse this same functionality across all of WebRTC.
> Your proposal doesn't change the underlying mathematics of the
> situation.  It's merely a way to change the selection process.

I don't understand. My proposal was for the browser to "sanitize" 
user-functions, ensuring that they do not leak fingerprinting 
information outside of the local computer. This can be implemented by 
scanning the function ahead of time, or implementing a sandboxing 
mechanism similar to Java where the browser would deny access to API 
functions at runtime while executing in sandbox mode. While it is true 
that I proposed this while discussing getUserMedia() its applications 
are not limited to the selection process.

Received on Monday, 25 November 2013 20:00:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:24:43 UTC