My 2 cents:
I would like to see a separate permissions request for device enum which
would solve all fingerprinting issues. A getUserMedia permissions request
would also grant device enum rights but obviously not the other way around.
Without a granted device enum permissions request the web app should not
even be able to see the number of devices.
The current idea that one has to call getUserMedia before getting all info
from device enum feels very wonky to me is is not compelling from an user
perspective.
The obvious drawback to my suggestion is that in some cases the user will
be presented with dual permissions requests.
/Tommy
On Fri, Aug 16, 2013 at 1:20 PM, Harald Alvestrand <hta@google.com> wrote:
> I think the conclusion on the same subject for input devices was that
> giving the drive-by web the ability to tell the number of devices you have
> and of what type (video/audio) was a reasonable compromise between the fear
> of fingerprinting and the desire for sensible user interfaces.
>
> I hope we can make the same call for output devices; having those be
> different would, I think, be confusing to the developer and to the user.
>
> As for "details": Agreed.
>
>
> On Fri, Aug 16, 2013 at 12:51 PM, Robert O'Callahan <robert@ocallahan.org>wrote:
>
>> On Fri, Aug 16, 2013 at 10:37 PM, Tommi <tommi@google.com> wrote:
>>
>>> On Fri, Aug 16, 2013 at 4:15 AM, Robert O'Callahan <robert@ocallahan.org
>>> > wrote:
>>>
>> Any kind of device enumeration creates privacy issues which a "logical
>>>> output device" approach simply doesn't have.
>>>>
>>>
>>> Can you clarify exactly what privacy issues you're thinking of? There
>>> are pros and cons on both sides so it's easier to discuss specifics to see
>>> if things are solvable or not.
>>>
>>
>> Handing over the details of every available audio device to every Web
>> site the user visits would make a good vector for user tracking and
>> profiling.
>>
>> Rob
>> --
>> Jtehsauts tshaei dS,o n" Wohfy Mdaon yhoaus eanuttehrotraiitny eovni
>> le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o Whhei csha iids teoa
>> stiheer :p atroa lsyazye,d 'mYaonu,r "sGients uapr,e tfaokreg iyvoeunr,
>> 'm aotr atnod sgaoy ,h o'mGee.t" uTph eann dt hwea lmka'n? gBoutt uIp
>> waanndt wyeonut thoo mken.o w *
>> *
>>
>
>