- From: ddorwin via GitHub <sysbot+gh@w3.org>
- Date: Tue, 12 Apr 2016 20:30:43 +0000
- To: public-html-media@w3.org
ddorwin has just created a new issue for https://github.com/w3c/encrypted-media: == Privacy: Prohibit access/use of sensitive data (e.g. location) by CDMs == In https://github.com/w3c/encrypted-media/issues/157#issuecomment-208844577, @mwatson2 says: >For online viewing, services may indeed apply geographic restrictions. ...it is a server function to apply these restrictions, not something that is done by the DRM. This is important to recognize because there would be privacy implications if the CDM could access your location. While we assume the CDM cannot access or use the client's/user's location, I'm not sure it is currently expressly prohibited by the spec. More generally, the CDM should not use (have access to?) or expose data that is not generally available to web applications or is generally protected by a user permission and/or prompt. Location is a primary example, but there are others, both exposed to the web (i.e. user media, such as camera and mic) and not (i.e. LAN details or devices). While the examples above may seem clear cut, the phrasing could be tricky, especially since unsandboxed CDMs often do have such access and some CDMs use, for example, Distinctive Identifiers not otherwise exposed. Note that preventing exposure of such data is not sufficient since even use of them could allow them to be derived (i.e. via a series of licenses). Please view or discuss this issue at https://github.com/w3c/encrypted-media/issues/158 using your GitHub account
Received on Tuesday, 12 April 2016 20:30:45 UTC