- From: Martin Thomson via GitHub <sysbot+gh@w3.org>
- Date: Tue, 08 Mar 2016 04:58:22 +0000
- To: public-media-capture-logs@w3.org
martinthomson has just created a new issue for https://github.com/w3c/mediacapture-main: == Browsing sessions and device IDs == We've had a fair bit of back-and-forth about this at Mozilla (I hope to have https://bugzilla.mozilla.org/show_bug.cgi?id=1223773 opened so people can see that discussion, but it's still locked down). The definition of "browsing session", which was created after the term was used in gUM is here, is a poor fit here. In that bug, @jan-ivar was motivated to go to somewhat extraordinary efforts to be compliant with the definition we have (see aforementioned bug). That would be OK, except that it didn't really address a security issue. Architecturally speaking, sites need to have a consistent view of any persistent state that a browser retains for them. This includes device identifiers, which are, for better or worse, a form of persistent identifier. Requiring identifiers to be discarded at specific points in time, as the current text does, and on a different timeline to other persisted state, can harm that view unnecessarily. There is no security or privacy advantage to be gained by throwing away this state, but site integrity can be adversely affected. I suggest that "browser session" isn't a good fit for what we want to have for the lifetime of device identifiers. We've been around this problem a few times, and I think that ultimately we will find it hard to agree on a single lifetime for these identifiers. However, I think that we can and should set expectations. I propose: 1. That the minimum time over which the identifiers persist, absent user override, is a browsing session. That is, unless a user intervenes, device identifiers are constant for a given origin for the duration of a browsing session. 2. That browsers be permitted to persist those identifiers after that, but they not be required to. This allows a browser to drop identifiers on shutdown (whatever that means), or to run a timer, or to watch for the last window open to an origin to close and nuke at that point. It also allows for different policies during normal and "private" browsing. Ideally, we would persist these identifiers just like other origin-specific state, but the cost of implementing that vs. the benefit was considered and I don't think that we wanted to invest that effort. I think that we would if we all decided that was the right thing to do. I think that it is, but consider the value to be dismally low. Thus, I did not propose this as a third part to the above proposal, but would support that if others do. Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/322 using your GitHub account
Received on Tuesday, 8 March 2016 04:58:25 UTC