W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > August 2015

Re: [mediacapture-main] Privacy/security review questions

From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Aug 2015 12:28:45 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-131799308-1439814525-sysbot+gh@w3.org>
First pass at this described [on the mailing 
list](https://lists.w3.org/Archives/Public/public-media-capture/2015Aug/0011.html):
* Does this specification deal with personally-identifiable 
information?

     Video and audio captured using this API provides 
personally-identifiable information.

* Does this specification deal with high-value data?

     Not beyond the one identified above.

* Does this specification introduce new state for an origin that 
persists across browsing sessions?

     Yes: information on available media input and out devices, in 
particular deviceId, exposed in MediaDeviceInfo, persists across 
browsing sessions. In addition, the information described in the 
answer 
to the next question is also available in the single-origin case.

* Does this specification expose persistent, cross-origin state to the
 web?

     The number and grouping of media devices provided by 
navigator.mediaDevices.enumerateDevices() persist across browsing 
sessions and origins.

     Device labels exposed by MediaDeviceInfo once the user has 
granted 
access to one of their capture devices persist across browsing 
sessions 
and origins.

     MediaTrackCapabilities exposed by 
MediaStreamTrack.getCapabilities 
(after the user has granted access to a particular device) are in 
general also persistent across browsing sessions and origins.

* Does this specification expose any other data to an origin that it 
doesn’t currently have access to?

     No.

* Does this specification enable new script execution/loading 
mechanisms?

     No.

* Does this specification allow an origin access to a user’s location?

     The video and audio captured via getUserMedia can presumably be 
used in some cases to identify one's user location.

* Does this specification allow an origin access to sensors on a 
user’s 
device?

     Yes, it allows access to the camera and microphone.

* Does this specification allow an origin access to aspects of a 
user’s 
local computing environment?

     Yes, it allows access to the list of available media devices 
without user consent; it also allows access to more detailed 
information 
about these media devices after the user has granted access to one of 
these devices for media capture.

* Does this specification allow an origin access to other devices?

     While some cameras and microphones that this specification gives 
access to will be separate devices, the specification doesn't expose 
this distinction, nor does it expose new ways of interacting with 
these 
devices..

* Does this specification allow an origin some measure of control over
 a 
user agent’s native UI?

     No.

* Does this specification expose temporary identifiers to the web?

     MediaDeviceInfo.groupId?

* Does this specification distinguish between behavior in first-party 
and third-party contexts?

     No.

* How should this specification work in the context of a user agent’s 
"incognito" mode?

     TBD

* Does this specification persist data to a user’s local device?

     Yes, deviceId is persisted on the user’s local device; the 
specification requires that data to be cleared along with other 
browsing 
data.

* Does this specification have a "Security Considerations" and 
"Privacy 
Considerations" section?

     Yes.

* Does this specification allow downgrading default security 
characteristics?

     No.

-- 
GitHub Notif of comment by dontcallmedom
See 
https://github.com/w3c/mediacapture-main/issues/212#issuecomment-131799308
Received on Monday, 17 August 2015 12:28:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:27 UTC