W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > March 2016

Re: [mediacapture-main] Browsing sessions and device IDs

From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
Date: Fri, 11 Mar 2016 08:41:13 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-195258989-1457685671-sysbot+gh@w3.org>
Re cookies and persistent storage, as the [Web storage 
spec](https://html.spec.whatwg.org/multipage/webstorage.html#privacy) 
states:
> Treating persistent storage as cookies
>
> If users attempt to protect their privacy by clearing cookies 
without also clearing data stored in the local storage area, sites can
 defeat those attempts by using the two features as redundant backup 
for each other. User agents should present the interfaces for clearing
 these in a way that helps users to understand this possibility and 
enables them to delete data in all persistent storage features 
simultaneously.

In practice, we already have [text to that effect for 
`deviceId`](http://w3c.github.io/mediacapture-main/getusermedia.html#widl-MediaDeviceInfo-deviceId):
> Since deviceId may persist across browsing sessions and to reduce 
its potential as a fingerprinting mechanism, deviceId is to be treated
 as other persistent storage mechanisms such as cookies

So I think we "just" need to remove the binding to permission grant 
and browsing session and should be good.

-- 
GitHub Notification of comment by dontcallmedom
Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/issues/322#issuecomment-195258989
 using your GitHub account
Received on Friday, 11 March 2016 08:41:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:29 UTC