W3C home > Mailing lists > Public > public-media-capture@w3.org > August 2015

TAG self-review questionnaire

From: Dominique Hazael-Massieux <dom@w3.org>
Date: Mon, 17 Aug 2015 12:43:58 +0200
Message-ID: <55D1BAEE.8030900@w3.org>
To: "public-media-capture@w3.org" <public-media-capture@w3.org>
Hi,

As part of the reviews we got on the Media Capture and Streams specs, we 
received a request to provide answers to the W3C TAG self-review 
questionnaire for privacy and security:
https://github.com/w3c/mediacapture-main/issues/212
https://w3ctag.github.io/security-questionnaire/

I took a first stab at providing answers in a pull request that would 
add those as an appendix to the spec:
https://github.com/w3c/mediacapture-main/pull/231/files

I'm copying the questions/answers here as well to facilitate discussion; 
note in particular that I'm not sure what (if any) guidance we should 
give on the "incognito" mode of operation for getUserMedia.

Also, if my answers are a correct representation of the specification 
impact, we probably should update the "privacy and security 
considerations" to reflect some of the points that the questions raise.



* Does this specification deal with personally-identifiable information?

     Video and audio captured using this API provides 
personally-identifiable information.

* Does this specification deal with high-value data?

     Not beyond the one identified above.

* Does this specification introduce new state for an origin that 
persists across browsing sessions?

     Yes: information on available media input and out devices, in 
particular deviceId, exposed in MediaDeviceInfo, persists across 
browsing sessions. In addition, the information described in the answer 
to the next question is also available in the single-origin case.

* Does this specification expose persistent, cross-origin state to the web?

     The number and grouping of media devices provided by 
navigator.mediaDevices.enumerateDevices() persist across browsing 
sessions and origins.

     Device labels exposed by MediaDeviceInfo once the user has granted 
access to one of their capture devices persist across browsing sessions 
and origins.

     MediaTrackCapabilities exposed by MediaStreamTrack.getCapabilities 
(after the user has granted access to a particular device) are in 
general also persistent across browsing sessions and origins.

* Does this specification expose any other data to an origin that it 
doesn’t currently have access to?

     No.

* Does this specification enable new script execution/loading mechanisms?

     No.

* Does this specification allow an origin access to a user’s location?

     The video and audio captured via getUserMedia can presumably be 
used in some cases to identify one's user location.

* Does this specification allow an origin access to sensors on a user’s 
device?

     Yes, it allows access to the camera and microphone.

* Does this specification allow an origin access to aspects of a user’s 
local computing environment?

     Yes, it allows access to the list of available media devices 
without user consent; it also allows access to more detailed information 
about these media devices after the user has granted access to one of 
these devices for media capture.

* Does this specification allow an origin access to other devices?

     While some cameras and microphones that this specification gives 
access to will be separate devices, the specification doesn't expose 
this distinction, nor does it expose new ways of interacting with these 
devices..

* Does this specification allow an origin some measure of control over a 
user agent’s native UI?

     No.

* Does this specification expose temporary identifiers to the web?

     MediaDeviceInfo.groupId?

* Does this specification distinguish between behavior in first-party 
and third-party contexts?

     No.

* How should this specification work in the context of a user agent’s 
"incognito" mode?

     TBD

* Does this specification persist data to a user’s local device?

     Yes, deviceId is persisted on the user’s local device; the 
specification requires that data to be cleared along with other browsing 
data.

* Does this specification have a "Security Considerations" and "Privacy 
Considerations" section?

     Yes.

* Does this specification allow downgrading default security 
characteristics?

     No.

Dom
Received on Monday, 17 August 2015 10:44:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:33 UTC