[Bug 26332] Applications should only use EME APIs on secure origins (e.g. HTTPS)

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #108 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Glenn Adams from comment #105)
> (In reply to David Dorwin from comment #104)
> > We have identified broad privacy-invasive and security-compromising
> > issues/functionality/features that are not currently normatively disallowed.
> > Since those privacy-invasive and security-compromising issues and features
> > are not normatively addressed and disallowed, respectively, we should
> > restrict access to secure origins.
> 
> That is an absurd statement. Cookies suffer the same problem. Does that mean
> they should be restricted to secure origins?
> 

It's not at all an absurd statement. Multiple browser vendors are exploring
just that - exploring ways to restrict cookies to only secure origins, for
precisely the same reasons as being discussed here. Chromium, for example, has
bugs https://code.google.com/p/chromium/issues/detail?id=149962 and
https://code.google.com/p/chromium/issues/detail?id=399416 to track these
efforts.

While it's quite obvious that EME provides worse privacy than cookies - as it
offers a way to cryptographically bind a persistent identifier, rather than the
existing cookie mechanisms which provide no such assurances (as they can easily
be copied) - the fact that cookies exist is by no means an acceptable
justification for further eroding privacy.

Regardless, it's clear from this bug that the opponents of a secure origin
requirement are not making concrete suggestions for dealing with these privacy
concerns. The only options that have been put forth so far are doing nothing in
the spec - which is ignoring the problem entirely - or to place a requirement
in the spec for secure origins, and then work towards a consensus that can
alleviate these concerns. Since it's clear that "doing nothing" is not an
acceptable solution for anyone, from the TAG, to UAs, to users, the onus needs
to be on those who object to secure origins to make concrete and actionable
proposals to reduce that. But if no proposals can be made, secure origins are
logically the least that a UA can do to address the concerns.


Received on Monday, 27 October 2014 00:52:43 UTC