- From: <bugzilla@jessica.w3.org>
- Date: Mon, 25 Aug 2014 16:36:38 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #76 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Henri Sivonen from comment #74)
> (In reply to Ryan Sleevi from comment #73)
> > Still, I don't think that media content necessarily means it's not a privacy
> > risk
>
> Sure, it's a privacy risk in the sense of revealing what content you watch,
> but it's not a risk in the sense of revealing a device-bound CDM ID.

Well, no, that's not guaranteed, certainly not by the spec. Again, this is dependent upon the CDM, and I think there will continue to be disagreement as to how much or how little a UA can ensure its privacy goals are met when negotiating with CDMs and content providers.

Consider a particular media file that is encrypted with a Key that only User A can obtain (from the license server). Even if User A is presented to the site as some salted (potentially cleared) data, the site can still employ the CDM/licensing mechanism to track the user, since only User A is authorized to view. A hostile intermediate could thus substitute a legitimate file with such a file and discover that the user is indeed User A.

Or, depending again upon the CDM implementation and protection mechanisms employed, a hostile intermediate might be able to craft a hostile media file that causes the user to talk to the license server iff they are User A, but not User B. There, again, even if the CDM/License communication is TLS protected, the ability to inject the media represents a side-channel attack on user privacy.
Received on Monday, 25 August 2014 16:36:39 UTC