- From: Joe Berkovitz <joe@noteflight.com>
- Date: Mon, 6 Jul 2015 14:12:25 -0400
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Harald Alvestrand <harald@alvestrand.no>, public-media-capture@w3.org
- Message-ID: <CA+ojG-YF3PGmb2+bWvyyTRnpaMY5MJtuKYxn-YYrAOe5SzU-vw@mail.gmail.com>
Would this be identical to the filtered-vs-unfiltered-results criterion used by enumerateDevices() to determine the inclusion of labels, etc.? It seems logical to me that it would be exactly the same, since the aim in both places is to defeat fingerprinting. On Sat, Jul 4, 2015 at 3:35 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > > On Jul 4, 2015 3:01 AM, "Harald Alvestrand" <harald@alvestrand.no> wrote: > > Seems good on first glance. Does the persistence last until cookies are > > cleared? > > Yes. All persisted site data needs to share fate with cookies, at least > the new stuff. > > > The only privacy consideration I can think of is that an origin can tell > > whether or not the user has (since last cookie clearing) given > > permission for any device in the past; I can't see an attack offhand > > that can be launched based on that information that wouldn't also be > > launchable by setting a cookie. > > We do have some inconsistency between different pieces of state. I believe > that Firefox maintains history, cookies, and permissions separately. > > A naive implementation should be ok though. If the persisted state is > dropped, but the permissions retained, the identifiers will be unstable > until the API is used again. If that sounds like a problem, I don't think > so, given how likely that is in practice. > -- . . . . . ...Joe *Joe Berkovitz* President *Noteflight LLC* 49R Day Street / Somerville, MA 02144 / USA phone: +1 978 314 6271 www.noteflight.com "Your music, everywhere"
Received on Monday, 6 July 2015 18:12:53 UTC