- From: cowwoc <cowwoc@bbs.darktech.org>
- Date: Wed, 27 Nov 2013 03:55:08 -0500
- To: Adam Bergkvist <adam.bergkvist@ericsson.com>, Martin Thomson <martin.thomson@gmail.com>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 27/11/2013 3:16 AM, Adam Bergkvist wrote: > On 2013-11-25 20:59, cowwoc wrote: >> On 25/11/2013 2:37 PM, Martin Thomson wrote: >>> On 25 November 2013 11:07, cowwoc <cowwoc@bbs.darktech.org> wrote: >>>> Even if we don't need any extra flexibility, my proposal (allowing >>>> developers to pass in a filter function) would provide you as much >>>> flexibility as you'll ever need without the risk of fingerprinting. >>>> Isn't it >>>> better to tackle fingerprinting in a more consistent manner as I have >>>> described? You could reuse this same functionality across all of >>>> WebRTC. >>> Your proposal doesn't change the underlying mathematics of the >>> situation. It's merely a way to change the selection process. >> >> I don't understand. My proposal was for the browser to "sanitize" >> user-functions, ensuring that they do not leak fingerprinting >> information outside of the local computer. This can be implemented by >> scanning the function ahead of time, or implementing a sandboxing >> mechanism similar to Java where the browser would deny access to API >> functions at runtime while executing in sandbox mode. While it is true >> that I proposed this while discussing getUserMedia() its applications >> are not limited to the selection process. > > This is a quite interesting proposal that would benefit advanced > developers greatly. I'm not sure it's something that we should pursue > at this point though. > > /Adam > The question is: how difficult would this be to implement? What shortcuts can we take to speed up implementation? Short-term, we want a function that can only read its arguments and return one or more values indicating the device + properties it wishes to use. Long-term, we can give this function read-only access to non-local variables, the network, etc. Gili
Received on Wednesday, 27 November 2013 08:56:22 UTC