W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > March 2016

Re: [mediacapture-main] Persist device IDs like they were cookies,

From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
Date: Thu, 17 Mar 2016 13:21:20 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-197876705-1458220878-sysbot+gh@w3.org>
Speaking as contributor:
My opinion is that the rules around deviceIDs should ensure that they 
are no worse than cookies. If we can make them better than cookies, 
that is a Good Thing - but if an attacker can achieve exactly the same
 thing with cookies as with device IDs, I'm not going to bother 
defending against the same attack using device IDs; it doesn't improve
 the user's security.

That said, I think we should close this PR - the arguments presented 
on the list show why persisting them when unused is a bad idea.


-- 
GitHub Notification of comment by alvestrand
Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/pull/326#issuecomment-197876705
 using your GitHub account
Received on Thursday, 17 March 2016 13:21:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:29 UTC