[Bug 20965] EME results in a loss of control over security and privacy.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20965

--- Comment #17 from Joe Steele <steele@adobe.com> ---
(In reply to comment #13)
> (In reply to comment #10)
> I'm pretty sure you'll find that browser vendors treat the issue of
> "globally unique persistent identifier exposed to all sites" as an issue for
> all modes of operation, not just a "private" mode issue.

Agreed. However, that is not required by EME. My point was about the persistence
of unique identifiers, not how global they are. I am *not* arguing for the
existence of a globally unique persistent identifier exposed to all sites, nor
is it required for CDMs (at least not the one I am most familiar with).

> What's your use case of persistent storage of CDM-related information? I
> thought it wasn't worthwhile to propose more complex requirements without
> knowing the use cases that the requirements were supposed to address.

In cases where a license can have a longer lifetime than a single session, it
is useful (and sometimes necessary) to not require the user to reacquire the
license the next time they want to play. 

Here are some of the benefits:
* Allows the license provider to lower their cost (fewer network transactions
required) which can result in lower costs for the user.
* Allows the user to request a license in a secure environment and then
continue to play back content when they are in an insecure environment without
having to reacquire the license over the insecure network. 
* Reduces the number of times the user needs to authenticate.

> In any case, persistent storage of licenses gives a person with access to
> the computing device information about what sites have been accessed.

This is dependent on how the information is secured on disk. The browser cache
seems like a more likely target for snooping though, since the location you
downloaded the movie from is probably much more informative. If I have local
access to the computing device I can gather information on the user in any
number of ways. 

Or is your point that the user can get access to the list when the DRM vendor
might not want them to?


Received on Friday, 22 February 2013 18:47:51 UTC