- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Wed, 27 Sep 2017 10:24:39 -1100
- To: public-html-media@w3.org
Received on Wednesday, 27 September 2017 21:25:04 UTC
It would be great (particularly for those critical of EME's privacy repercussions) to know what, if any, popular EME-enabled services in the test-suite cover some of the recommendations in terms of persistent identifiers. For example, as the spec notes, EME key systems ``may access or create persistent or semi-persistent identifier(s) for a device or user of a device'' and thus as ``identifiers are present in Key System messages, then devices and/or users may be tracked." Therefore, as ``within a single origin, a site can continue to track the user during a session, and can then pass all this information to a third party'', messages ``must be encrypted, together with a timestamp or nonce, such that the Key System messages are always different." I would assume that last part can be tested, as well as possibly the creation of persistent identifiers in the first place? yours, harry
Received on Wednesday, 27 September 2017 21:25:04 UTC