Re: [mediacapture-main] What constraint name should be exposed in case of a getUserMedia query with multiple failing constraints (#562)

> Return the constraint name that can never be met

I like this one. It addresses the core exploit without breaking the API (the spec does not mandate which constraint to return [1]).

I think we can add something here.

I'd modify the "can never be met" criterion to exclude the *deviceId* constraint, since that one's often the target of probing, and may otherwise "never be met" for removed devices.

Something like: "To mitigate fingerprinting, if more than one required constraint had a fitness distance of infinity, return the one least likely to succeed on any device, but never the *deviceId* constraint."

[[1]](https://w3c.github.io/mediacapture-main/getusermedia.html#dom-mediadevices-getusermedia): *"If* candidateSet *is the empty set, let* failedConstraint *be* ***any*** *required constraint whose fitness distance was infinity for all settings dictionaries examined while executing the SelectSettings algorithm"*.

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/562#issuecomment-457343878 using your GitHub account

Received on Thursday, 24 January 2019 20:26:46 UTC
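
A sketch of the selection rule proposed in the comment above, added here as an example; it is not part of the original message, the spec, or any browser's code. It assumes a simplified fitness distance (required constraints only), a hypothetical `unlikelihood` ranking for "least likely to succeed on any device", and constructed camera settings.

```javascript
// Added example: not spec text or browser code. Sample data is constructed.
const cameras = [
  { deviceId: "cam-A", width: 1280, height: 720 },
  { deviceId: "cam-B", width: 640, height: 480 },
];

// Simplified fitness distance: Infinity when a required constraint cannot be
// met by a settings dictionary, 0 otherwise (ideal values are not scored here).
function fitnessDistance(name, constraint, settings) {
  const value = settings[name];
  if (value === undefined) return Infinity;
  if ("exact" in constraint && value !== constraint.exact) return Infinity;
  if ("min" in constraint && value < constraint.min) return Infinity;
  if ("max" in constraint && value > constraint.max) return Infinity;
  return 0;
}

// Required constraints whose distance was Infinity for every dictionary examined.
function failingConstraints(required, candidates) {
  return Object.keys(required).filter((name) =>
    candidates.every((s) => fitnessDistance(name, required[name], s) === Infinity));
}

// Proposed rule: when more than one required constraint failed, report the one
// ranked least likely to succeed, but never deviceId.
// `unlikelihood` is a hypothetical ranking callback (higher = less likely).
function pickFailedConstraint(required, candidates, unlikelihood = () => 0) {
  const failed = failingConstraints(required, candidates);
  if (failed.length <= 1) return failed[0] ?? null;
  const reportable = failed.filter((name) => name !== "deviceId");
  return reportable.reduce((best, name) =>
    unlikelihood(name, required[name]) > unlikelihood(best, required[best]) ? name : best);
}

// The same impossible width paired with a present and a removed deviceId
// yields the same reported constraint, so the error does not reveal which
// deviceId values exist.
const present = { deviceId: { exact: "cam-A" }, width: { exact: 100000 } };
const removed = { deviceId: { exact: "removed-cam" }, width: { exact: 100000 } };
console.log(pickFailedConstraint(present, cameras), pickFailedConstraint(removed, cameras));
```

When *deviceId* is the only failing constraint, this sketch still reports it, since the proposed wording covers only the case of more than one failing constraint.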