W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > December 2017

Re: [mediacapture-fromelement] Investigate and document the fingerprintability of user media rendering

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Mon, 04 Dec 2017 22:00:07 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-349120504-1512424806-sysbot+gh@w3.org>
So there are no permissions prompts here.  That suggests that yes, this is a new way to fingerprint implementations based on how they render video... maybe (more below).  To the extent that it allows capture from canvas, it also allows access to all the existing canvas fingerprinting capabilities.

The product of this API is a video stream (which might also include audio).  To the extent that the incoming video is subject to platform-specific modification as a result of being rendered, this does expose information about the platform.  Where possible, the output video will be a direct clone of the input and so won't expose platform-specific properties.  That's can probably be prevented by an application though with canvas by applying a small tweak (such as a transform) that forces rendering and re-capture.

FWIW, MediaRecorder has the same problem.

Both this and MediaRecorder also expose other rendering-related things like platform-specific loss masking techniques.

GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/w3c/mediacapture-fromelement/issues/68#issuecomment-349120504 using your GitHub account
Received on Monday, 4 December 2017 22:00:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:33 UTC