- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Mon, 17 Aug 2015 12:43:58 +0200
- To: "public-media-capture@w3.org" <public-media-capture@w3.org>
Hi,

As part of the reviews we got on the Media Capture and Streams specs, we received a request to provide answers to the W3C TAG self-review questionnaire for privacy and security:
https://github.com/w3c/mediacapture-main/issues/212
https://w3ctag.github.io/security-questionnaire/

I took a first stab at providing answers in a pull request that would add those as an appendix to the spec:
https://github.com/w3c/mediacapture-main/pull/231/files

I'm copying the questions/answers here as well to facilitate discussion; note in particular that I'm not sure what (if any) guidance we should give on the "incognito" mode of operation for getUserMedia. Also, if my answers are a correct representation of the specification impact, we probably should update the "privacy and security considerations" to reflect some of the points that the questions raise.

* Does this specification deal with personally-identifiable information?
Video and audio captured using this API provide personally-identifiable information.

* Does this specification deal with high-value data?
Not beyond the one identified above.

* Does this specification introduce new state for an origin that persists across browsing sessions?
Yes: information on available media input and output devices, in particular deviceId, exposed in MediaDeviceInfo, persists across browsing sessions. In addition, the information described in the answer to the next question is also available in the single-origin case.

* Does this specification expose persistent, cross-origin state to the web?
The number and grouping of media devices provided by navigator.mediaDevices.enumerateDevices() persist across browsing sessions and origins. Device labels exposed by MediaDeviceInfo once the user has granted access to one of their capture devices persist across browsing sessions and origins. MediaTrackCapabilities exposed by MediaStreamTrack.getCapabilities (after the user has granted access to a particular device) are in general also persistent across browsing sessions and origins.

* Does this specification expose any other data to an origin that it doesn't currently have access to?
No.

* Does this specification enable new script execution/loading mechanisms?
No.

* Does this specification allow an origin access to a user's location?
The video and audio captured via getUserMedia can presumably be used in some cases to identify the user's location.

* Does this specification allow an origin access to sensors on a user's device?
Yes, it allows access to the camera and microphone.

* Does this specification allow an origin access to aspects of a user's local computing environment?
Yes, it allows access to the list of available media devices without user consent; it also allows access to more detailed information about these media devices after the user has granted access to one of these devices for media capture.

* Does this specification allow an origin access to other devices?
While some cameras and microphones that this specification gives access to will be separate devices, the specification doesn't expose this distinction, nor does it expose new ways of interacting with these devices.

* Does this specification allow an origin some measure of control over a user agent's native UI?
No.

* Does this specification expose temporary identifiers to the web?
MediaDeviceInfo.groupId?

* Does this specification distinguish between behavior in first-party and third-party contexts?
No.

* How should this specification work in the context of a user agent's "incognito" mode?
TBD

* Does this specification persist data to a user's local device?
Yes, deviceId is persisted on the user's local device; the specification requires that data to be cleared along with other browsing data.

* Does this specification have a "Security Considerations" and "Privacy Considerations" section?
Yes.

* Does this specification allow downgrading default security characteristics?
No.

Dom
Received on Monday, 17 August 2015 10:44:09 UTC
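The answers above state that the number and grouping of media devices is visible to any origin without consent, that labels appear only after a getUserMedia() grant, and that deviceId persists per origin. The following is an added example (not code from this thread, the Media Capture spec, or the W3C) that makes that surface concrete: it enumerates devices before and after a grant and hashes the kind/grouping pattern into a fingerprint that is the same on every origin even though each origin sees different deviceId values. The functions accept any mediaDevices-like object, so in a browser you can pass navigator.mediaDevices; makeStubMediaDevices(), the HARDWARE table and the two origin names are constructed stand-ins so the script also runs offline under Node.

```javascript
// Added example, not code from the W3C thread or the Media Capture spec.
// Models the behaviour described in the questionnaire answers: the device
// list (count + grouping) is visible without consent, labels only after a
// getUserMedia() grant, and deviceId/groupId values are scoped per origin.

// Constructed sample hardware table (assumption; not real device data).
const HARDWARE = [
  { hw: 'usb-cam-01', kind: 'videoinput',  label: 'Integrated Camera',   group: 'laptop' },
  { hw: 'usb-mic-01', kind: 'audioinput',  label: 'Internal Microphone', group: 'laptop' },
  { hw: 'hdmi-spk-7', kind: 'audiooutput', label: 'HDMI Audio',          group: 'monitor' },
];

// FNV-1a 32-bit over a string: a small dependency-free hash for the demo.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Stand-in for navigator.mediaDevices (assumption: constructed stub).
// deviceId and groupId are derived from the origin, labels stay blank until
// getUserMedia() has resolved, i.e. until the user has clicked "Allow".
function makeStubMediaDevices(origin, hardware = HARDWARE) {
  let granted = false;
  return {
    async enumerateDevices() {
      return hardware.map(d => ({
        deviceId: fnv1a(origin + '|' + d.hw),
        groupId: fnv1a(origin + '|' + d.group),
        kind: d.kind,
        label: granted ? d.label : '',
      }));
    },
    async getUserMedia(_constraints) {
      granted = true;
      return { getTracks: () => [{ stop() {} }] };
    },
  };
}

// What an origin learns from one enumerateDevices() result.
function summarizeSurface(list) {
  const counts = { audioinput: 0, videoinput: 0, audiooutput: 0 };
  for (const d of list) counts[d.kind] = (counts[d.kind] || 0) + 1;
  return {
    counts,
    groups: new Set(list.map(d => d.groupId)).size,
    labelled: list.filter(d => d.label !== '').length,
  };
}

// Cross-origin fingerprint: groupIds are renumbered by first appearance so the
// origin-specific identifiers drop out and only the kind/grouping pattern,
// which the questionnaire says is the same on every origin, is hashed.
function fingerprint(list) {
  const index = new Map();
  const tokens = list.map(d => {
    if (!index.has(d.groupId)) index.set(d.groupId, index.size);
    return `${d.kind}:${index.get(d.groupId)}`;
  });
  return fnv1a(tokens.sort().join(','));
}

// Enumerate before consent, request a microphone, enumerate again.
async function probe(mediaDevices) {
  const before = await mediaDevices.enumerateDevices();
  const stream = await mediaDevices.getUserMedia({ audio: true });
  stream.getTracks().forEach(t => t.stop()); // release the device promptly
  const after = await mediaDevices.enumerateDevices();
  return {
    before: summarizeSurface(before),
    after: summarizeSurface(after),
    fingerprintBefore: fingerprint(before),
    fingerprintAfter: fingerprint(after),
    deviceIds: after.map(d => d.deviceId),
  };
}

// Stand-alone demo against two constructed origins when not in a browser.
if (typeof navigator === 'undefined' || !navigator.mediaDevices) {
  Promise.all([
    probe(makeStubMediaDevices('https://a.example')),
    probe(makeStubMediaDevices('https://b.example')),
  ]).then(([a, b]) => console.log(JSON.stringify({ a, b }, null, 2)));
}
```

In a browser, replace the stub with `probe(navigator.mediaDevices)`; the fingerprint value you get before the permission prompt is the one a tracking script could compute on every site you visit, which is the point the "persistent, cross-origin state" answer raises.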