- From: Adam Bergkvist <adam.bergkvist@ericsson.com>
- Date: Tue, 11 Dec 2012 06:49:05 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 2012-12-10 18:44, Martin Thomson wrote: > On 9 December 2012 22:47, Adam Bergkvist <adam.bergkvist@ericsson.com> wrote: >> The fingerprinting surface is obviously greater if we expose a list of ids >> (getDeviceIds()) compared to only the length of such a list (which would be >> getNumDevices()). > > Not so. Fingerprinting pertains to the ability of the same tracker > bug being implanted in the two different sites in order to correlate > information about the same browser for the site. For a single site, > installing a cookie (or stash something in local storage) provides a > more stable reference. As long as every origin receives a different > identifier for the same device, then a list of identifiers is exactly > equivalent to getNumDevices(). You're right. We did talk about making the ids origin specific. getDeviceIds() does leak a bit more information about your connected devices to sites that you've never granted any getUserMedia() permissions to. The main use case, as I recall it, was to let trusted sites reuse a device configuration known to work. /Adam
Received on Tuesday, 11 December 2012 05:49:56 UTC