- From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
- Date: Wed, 05 Oct 2016 12:02:13 +0000
- To: public-media-capture-logs@w3.org
First, some history of the discussion on devicechange correlation: * it was part of the [feedback received from the Privacy Interest Group](https://www.w3.org/2016/03/getusermedia-wide-review.html#ping) * more specifically, it was brought up by @npdoty in this [review of the document](https://lists.w3.org/Archives/Public/public-privacy/2015OctDec/0028.html): > Particularly if this event will be fired before any permission is granted, it is important that it not be fired simultaneously in all browsing contexts. Sites can use simultaneous firing to correlate browsing activity in different tabs, different windows (including private windows), different browsers, in a way that may be unexpected to the user and undermine other protections they're attempting to implement. In particular, I think one of the risks this tries to mitigate is if a browser is configured to severely limit leak of information (via fingerprinting, communication with third party origins), this particular correlation would still allow evading these restrictions. Also, the simultaneous timing of these events can make them usable as correlation traces even if no communication channel can be established at the time of the simultaneous use of Web apps (e.g. offline usage), by comparing them afterwards. But ideally @npdoty will also chime in on this. -- GitHub Notification of comment by dontcallmedom Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/402#issuecomment-251655134 using your GitHub account
Received on Wednesday, 5 October 2016 12:02:24 UTC