W3C home > Mailing lists > Public > public-media-capture@w3.org > December 2012

Re: Proposal for device "enumeration"

From: Adam Bergkvist <adam.bergkvist@ericsson.com>
Date: Tue, 11 Dec 2012 06:49:05 +0100
Message-ID: <50C6C951.3010606@ericsson.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 2012-12-10 18:44, Martin Thomson wrote:
> On 9 December 2012 22:47, Adam Bergkvist <adam.bergkvist@ericsson.com> wrote:
>> The fingerprinting surface is obviously greater if we expose a list of ids
>> (getDeviceIds()) compared to only the length of such a list (which would be
>> getNumDevices()).
>
> Not so.  Fingerprinting pertains to the ability of the same tracker
> bug being implanted in the two different sites in order to correlate
> information about the same browser for the site.  For a single site,
> installing a cookie (or stash something in local storage) provides a
> more stable reference.  As long as every origin receives a different
> identifier for the same device, then a list of identifiers is exactly
> equivalent to getNumDevices().

You're right. We did talk about making the ids origin specific. 
getDeviceIds() does leak a bit more information about your connected 
devices to sites that you've never granted any getUserMedia() 
permissions to. The main use case, as I recall it, was to let trusted 
sites reuse a device configuration known to work.

/Adam
Received on Tuesday, 11 December 2012 05:49:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:13 UTC