[Bug 20965] EME results in a loss of control over security and privacy.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20965

--- Comment #8 from Joe Steele <steele@adobe.com> ---
(In reply to comment #7)
> (In reply to comment #6)
> > I do not believe that having a unique key or cookie is, in and of itself, a
> > violation of privacy.
> 
> Exposing the same unique value to all sites is enough of an enabler of
> privacy violations that it should be addressed.
> 
> > Having such a key that the user cannot exercise any
> > control over seems like a problem. I would expect CDMs to be subject to the
> > same constraints that browsers are today, i.e. they should provide a
> > "private" mode where such information is not retained and provide mechanisms
> > for the user to remove such information if it already exists.
> 
> Private browsing modes primarily address privacy relative to other users of
> the same computing device that the browser runs on. They either aren't or
> are less about addressing privacy relative to the sites that are accessed or
> relative to third parties whose components (typically ads) are included on
> the sites.
> 
> Especially addressing privacy relative to third parties (such as ad
> aggregators) is an issue that browsers seek to address in their normal mode
> of operation without requiring the user to enter a private browsing mode.
> For example, Safari, by default, outside the private browsing mode, tries to
> avoid honoring third-party cookies. Therefore, the issue of each CDM
> installation having unique key material whose uniqueness is detectable by
> Web sites is the kind of issue browsers care about addressing in the normal
> mode of operation.
> 
> Persistently storing content keys/licenses to last beyond the end of the
> current browsing session would be the kind of thing that would need
> addressing in order to address privacy relative to other users of the same
> computing device that the browser runs on. However, to the extent EME is
> meant to be about streaming, it should be possible to make EME or its CDMs
> not use permanent storage for content keys/licenses. (If the implementors of
> EME or CDMs are planning on addressing non-streaming use cases that involve
> writing content keys/licenses in permanent storage, I think it would be good
> for them to speak up about their intentions.)
> 
> > There is
> > nothing in the EME specification that prevents compliance with good privacy
> > practices.
> 
> EME should have some kind of privacy considerations section that points out
> the risks and suggests remedies so that each implementor doesn't need to
> discover the problems independently.

[steele] Can you suggest some text that we could add to the spec?

Received on Wednesday, 20 February 2013 16:22:25 UTC