Re: Device enumeration, Fingerprinting and other privacy risks from Robin Berjon on 2012-10-11 (public-media-capture@w3.org from October 2012)

From: Robin Berjon <robin@w3.org>
Date: Thu, 11 Oct 2012 12:16:41 +0200
To: Rob Manson <roBman@mob-labs.com>
CC: public-media-capture@w3.org
Message-ID: <50769C89.3060204@w3.org>

On 11/10/2012 11:18 , Rob Manson wrote:
> Surely there has to be some limit to this paranoia?
>
> It's quite possible that someone could write code to evaluate the nature
> of the device and peripherals you're using based on the quality and
> intrinsic structure of the photos and video feeds your device generates.
>
> And the frame content can also be used for facial and object recognition
> and all kinds of other clever things.
>
> Someone could even evaluate the audio stream of you talking to work out
> your educational background and probable race and income.
>
> Does this really mean we should prevent devices from generating image
> content because it "could" be used in malicious ways!?

It is of course impossible to produce something useful that can't also 
be used against the user. The whole question is about how easy you make it.

There are plenty of good reasons why a user would want to authorise a 
web site to access her camera. There are also plenty of reasons why it 
would be terribly dangerous to allow web sites to access the camera 
without user consent.

The use cases for device enumeration are far fewer and farther apart 
than those for capturing images. The risks are also lower, but not to be 
disregarded nevertheless. Device enumeration without user consent is 
exactly like making users walk around the street all day every day with 
a t-shirt listing the devices that they own. Device enumeration with 
user consent is less problematic, but it still amounts to walking into a 
shop and telling people how much you earn.

The question is simply: are those things you would do, and are those 
things you would recommend everyone do? Being considerate of users' 
privacy is hardly "paranoia" in my book — but then YMMV.

> Isn't it better for us to educate users about the real security
> implications of the permissions they grant

Simple question: if that works, how come I'm still seeing Nigerian spam?

-- 
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Thursday, 11 October 2012 10:16:46 UTC