- From: <bugzilla@jessica.w3.org>
- Date: Fri, 07 Nov 2014 12:16:13 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27269 Bug ID: 27269 Summary: Normatively require distinctive identifiers to be different by top-level and EME-using origin Product: HTML WG Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Encrypted Media Extensions Assignee: adrianba@microsoft.com Reporter: hsivonen@hsivonen.fi QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-media@w3.org Depends on: 27268 In order to make distinctive identifiers useless for tracking users across sites (whether the tracking is performed by a video hosting service serving many sites, an ad or analytic service whose scripts are included by many sites or by a network MITM who injects EME usage into many non-https sites), please require that distinctive identifiers (bug 27268) be different whenever the origin of the document in the top-level browsing context or the origin using EME is different. This bug does not address tracking across time on a particular site. I will file another bug on that topic. (Start proposed spec text for a *normative* section) Implementations MUST ensure that the same distinctive identifier is not exposed to two different combinations of the origin of the document in the top-level browsing context and the origin of the document using the interfaces defined in the specification. It is RECOMMENDED that ensuring this be the responsibility of the User Agent rather than the responsibility of the CDM. Implementations MUST ensure that CDM instances from different combinations of the origin of the document in the top-level browsing context and the origin of the document using the interfaces defined in the specification do not communicate with each other either directly or through shared storage. It is RECOMMENDED that it is the responsibility of the User Agent to enforce the communication restriction stated in the previous sentence. Note: The most obvious way to meet this requirement is to ensure that the CDM itself does not have any distinctive identifiers built into it (i.e. the CDM itself is identical across a large population of devices) and any distinctive identifiers that the CDM is allowed to obtain from the local device be hashed with a salt randomly generated by the User Agent and associated, by the User Agent, with the pair of the origin of the document in the top-level browsing context and the origin using the the interfaces defined in the specification (or the distinctive identifiers be derived from such a hash). To meet the requirement about storage, storage available to the CDM can be partitioned such that each salt value remembered by the User Agent is associated with a distinct storage partition. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Friday, 7 November 2014 12:16:14 UTC