- From: Travis Leithead <travis.leithead@microsoft.com>
- Date: Thu, 20 Dec 2012 05:06:23 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: Adam Bergkvist <adam.bergkvist@ericsson.com>, Harald Alvestrand <harald@alvestrand.no>, "public-webrtc@w3.org" <public-webrtc@w3.org>
> From: Martin Thomson [mailto:martin.thomson@gmail.com] > On 19 December 2012 12:00, Travis Leithead > <travis.leithead@microsoft.com> wrote: > > What if the UA doesn't wish to report brand information (for example, > > to limit fingerprinting issues)? Since there will also be a unique > > "sourceId" for uniquely identifying the source, then my point is that > > the "label" wouldn't really add anything (unless it's needed for > > something in Peer Connection which I'm not aware of...) > > Choosing not to report brand information is one thing, providing an > application enough information to allow them to inform the user in a > meaningful way is another. > > When we were building some of this stuff, the many devices I have would > sometimes lead to situations where I wasn't sure if the app was busted or if it > had chosen the wrong device. Displaying a "label" was what ultimately fixed > the issue - check label, go to identified device, test. > > That doesn't mean that the labels can't be made unambiguous and less > useful to an application for fingerprint, but I question the value. > At the point that the application can take a photo of your face, what sort of > leak are you looking to avoid exactly? I was playing [privacy/fingerprinting] devil's advocate. We just need to ensure that before a source is connected to a track, the label does not disclose anything. Afterward, the user has granted permission, and the label can be disclosed. My original question was just wondering if there was information duplication via the label attribute, but it sounds like there's some unique value to it.
Received on Thursday, 20 December 2012 05:07:45 UTC