On 2012-12-10 18:44, Martin Thomson wrote: > On 9 December 2012 22:47, Adam Bergkvist <adam.bergkvist@ericsson.com> wrote: >> The fingerprinting surface is obviously greater if we expose a list of ids >> (getDeviceIds()) compared to only the length of such a list (which would be >> getNumDevices()). > > Not so. Fingerprinting pertains to the ability of the same tracker > bug being implanted in the two different sites in order to correlate > information about the same browser for the site. For a single site, > installing a cookie (or stash something in local storage) provides a > more stable reference. As long as every origin receives a different > identifier for the same device, then a list of identifiers is exactly > equivalent to getNumDevices(). You're right. We did talk about making the ids origin specific. getDeviceIds() does leak a bit more information about your connected devices to sites that you've never granted any getUserMedia() permissions to. The main use case, as I recall it, was to let trusted sites reuse a device configuration known to work. /AdamReceived on Tuesday, 11 December 2012 05:49:56 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:13 UTC