Re: Bug 23934 - Proposal: Always launch permission prompt to avoid leakage

On 2013-12-11 19:17, Jan-Ivar Bruaroey wrote:
> On 12/11/13 5:27 AM, Eric Rescorla wrote:
>> On Wed, Dec 11, 2013 at 6:16 PM, Adam Bergkvist
>> <adam.bergkvist@ericsson.com> wrote:
>>> I think there's more to this than only protecting against fingerprinting.
>> Perhaps, but the only argument I have heard for why this needs to
>> be a specification requirement is fingerprinting.
>
> We're adding to the pool of hardware information being disclosed quite significantly. The fingerprint-battle-is-lost argument seems to assume no inherent value in this additional information, other than to produce a finer print. In general I would say the more you know, the more you know. At what point does it become about the privacy lost from the information itself?
>
> Quiz (yes / no):
>
> Is it reasonable for all webpages to know I have a camera?
> Is it reasonable for all webpages to know what cameras I have?
> Is it reasonable for all webpages to know how I've configured my cameras?

Addition:
Is it reasonable for all webpages to know how my cameras can be configured (or their capabilities)? (by doing the 20 question trick)

For the first question I guess we are already allowing any webpage to find out how many cameras there are (via the static getSources - which for some reason is missing in the latest Ed's draft). But it wouldn't find out anything more.


Received on Wednesday, 11 December 2013 19:22:33 UTC