W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2017

Re: Privacy review of the Remote Playback API - comments

From: Christine Runnegar <runnegar@isoc.org>
Date: Mon, 30 Jan 2017 20:31:49 +0000
To: Simon Rice <Simon.Rice@ico.org.uk>
CC: "public-privacy@w3.org" <public-privacy@w3.org>
Message-ID: <7B0A5C04-D2C6-43F4-A2CA-9480EF25AEB9@isoc.org>
Hello Simon,

Thank you for reviewing the draft specification and providing these useful comments. Before we pass these on, does anyone else have something to add?

> On 25 Jan 2017, at 2:08 pm, Simon Rice <Simon.Rice@ico.org.uk> wrote:
> Following the Chair’s request for comments I have three comments to raise:
> 1)   In the section “Disabling remote playback”, consider to add the requirement that the monitoring of devices must not occur if the feature is disabled by the user, thus “If the disableRemotePlayback attribute is present on the media element, the user agent MUST NOT monitor availability, play the media remotely or present any UI to do so.  
> 2)   It is unclear if the callbackId is derived from a unique identifier on the Callback device (e.g. a hash value of a MAC address). Is there any reason why this could not be generated for each session by the UA? It would still be unique across all callback devices on the network but different devices on the same network could have a different set of unique devices and thus reducing the potential for device fingerprinting.
> 3)   Does the RemotePlaybackAvailabilityCallback object include a human-readable name to identify the Callback object? E.g. “kitchen speaker”, “bedroom TV”, “Medical device”? Would this also be exposed outside of the UA? Privacy implications would vary depending on where this human-readable name is disclosed, if any.
> Simon
> The ICO's mission is to uphold information rights in the public interest. To find out more about our work please visit our website, or subscribe to our e-newsletter at ico.org.uk/newsletter.  
> If you are not the intended recipient of this email (and any attachment), please inform the sender by return email and destroy all copies without passing to any third parties.
> If you'd like us to communicate with you in a particular way please do let us know, or for more information about things to consider when communicating with us by email, visit ico.org.uk/email

Received on Monday, 30 January 2017 20:32:30 UTC

This archive was generated by hypermail 2.3.1 : Monday, 30 January 2017 20:32:31 UTC