Re: Leakage (Re: Requirements on mandatory constraints (ACTION-27))

On 27/11/2013 3:16 AM, Adam Bergkvist wrote:
> On 2013-11-25 20:59, cowwoc wrote:
>> On 25/11/2013 2:37 PM, Martin Thomson wrote:
>>> On 25 November 2013 11:07, cowwoc <cowwoc@bbs.darktech.org> wrote:
>>>> Even if we don't need any extra flexibility, my proposal (allowing
>>>> developers to pass in a filter function) would provide you as much
>>>> flexibility as you'll ever need without the risk of fingerprinting.
>>>> Isn't it better to tackle fingerprinting in a more consistent manner
>>>> as I have described? You could reuse this same functionality across
>>>> all of WebRTC.
>>> Your proposal doesn't change the underlying mathematics of the
>>> situation.  It's merely a way to change the selection process.
>>
>> I don't understand. My proposal was for the browser to "sanitize"
>> user-functions, ensuring that they do not leak fingerprinting
>> information outside of the local computer. This can be implemented by
>> scanning the function ahead of time, or implementing a sandboxing
>> mechanism similar to Java where the browser would deny access to API
>> functions at runtime while executing in sandbox mode. While it is true
>> that I proposed this while discussing getUserMedia(), its applications
>> are not limited to the selection process.
>
> This is a quite interesting proposal that would benefit advanced 
> developers greatly. I'm not sure it's something that we should pursue 
> at this point though.
>
> /Adam
>

The question is: how difficult would this be to implement? What 
shortcuts can we take to speed up implementation?

Short-term, we want a function that can only read its arguments and 
return one or more values indicating the device + properties it wishes 
to use. Long-term, we can give this function read-only access to 
non-local variables, the network, etc.

Gili

Received on Wednesday, 27 November 2013 08:56:22 UTC
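
The short-term contract described in the message above (a function that reads only its arguments and returns a device plus properties), modelled as an added JavaScript example that is not part of the original thread or of any WebRTC specification. `runDeviceFilter`, `validateChoice`, the descriptor fields and the property allowlist are assumptions made for illustration.

```javascript
// Constructed sample data; the descriptor shape is an assumption for illustration.
const DEVICES = [
  { deviceId: "cam-0", width: 640, height: 480, frameRate: 30 },
  { deviceId: "cam-1", width: 1920, height: 1080, frameRate: 30 },
  { deviceId: "cam-2", width: 1280, height: 720, frameRate: 60 },
];
const ALLOWED_PROPS = new Set(["width", "height", "frameRate"]);

function deepFreeze(value) {
  if (value !== null && typeof value === "object") {
    Object.values(value).forEach(deepFreeze);
    Object.freeze(value);
  }
  return value;
}

// Hypothetical helper: run filter source so that it sees only `input`.
function runDeviceFilter(source, devices) {
  // The filter gets a frozen private copy, so it cannot alter the caller's list.
  const input = deepFreeze(JSON.parse(JSON.stringify(devices)));
  const allowed = Object.assign(Object.create(null), { input, Math, undefined });
  // Free identifiers in the filter resolve through this proxy and are denied at
  // runtime unless allowlisted. A model of the contract, not a security boundary.
  const scope = new Proxy(Object.create(null), {
    has: () => true,
    get(_target, key) {
      if (typeof key === "symbol") return undefined; // Symbol.unscopables probe
      if (key in allowed) return allowed[key];
      throw new ReferenceError(`filter may not access "${key}"`);
    },
  });
  const call = new Function("scope", `with (scope) { return (${source})(input); }`);
  return validateChoice(call(scope), devices);
}

// Only a known deviceId and allowlisted numeric properties leave the filter.
function validateChoice(choice, devices) {
  if (choice === null || typeof choice !== "object") throw new TypeError("filter must return an object");
  const device = devices.find((d) => d.deviceId === choice.deviceId);
  if (!device) throw new RangeError("filter chose an unknown device");
  const properties = {};
  for (const [name, value] of Object.entries(choice.properties ?? {})) {
    if (!ALLOWED_PROPS.has(name) || !Number.isFinite(value)) {
      throw new TypeError(`property "${name}" is not allowed`);
    }
    properties[name] = value;
  }
  return { deviceId: device.deviceId, properties };
}
```

The result is rebuilt from validated fields rather than passed through, so nothing the filter attaches to its return value reaches the caller.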