[Bug 17417] Define a security model for requesting access to the MIDIAccess interface

https://www.w3.org/Bugs/Public/show_bug.cgi?id=17417

--- Comment #7 from Jussi Kalliokoski <jussi.kalliokoski@gmail.com> ---
(In reply to comment #6)
> (In reply to comment #5)
> > I agree that the word should be "SHOULD". After all, it's the ideal, and
> > "SHOULD" still isn't "MUST".
> 
> It's true, SHOULD isn't MUST - but I've become much less convinced there's a
> real fingerprinting issue here, particularly since Java has had unprompted
> MIDI support for a very long time

Yes, Java is quite well-known for its security features... Hahaha, sorry, that
fruit was hanging way too low for me to resist.

> and the exploits would be VERY uncommon
> and very equipment-dependent.  I'm exploring internally with security folks
> to get their sense, but I don't think that the UA SHOULD prompt the user in
> the default case.

I agree with you on exploits, they're likely to be very uncommon and
relatively meaningless, but they're still exploits. The last thing we need is
more attack-vector surface on the web.

As for fingerprinting, if the default is not to ask, we void every other
working group's often extreme efforts to avoid user fingerprinting and
practically give the user's identity on a plate to anyone who wants to take it.
That is, if they have any distinguishable MIDI devices. The main reason Java's
MIDI API isn't used for fingerprinting often is that it's not very subtle (you
want fingerprinting to be subtle). Add that to the fact that just the MIDI
information isn't enough to form a reliable pool of entropy to identify users
(usually), and it's not a very tempting choice. However, if the user doesn't
even notice that you're getting the info, it's a very nice source of entropy.
We don't want to add a freebie to the already-too-large pool of entropy each
user carries with their browsing session.


Received on Friday, 14 December 2012 09:34:01 UTC