Re: Request for feedback: Media Capture and Streams Last Call

Would this be identical to the filtered-vs-unfiltered-results criterion
used by enumerateDevices() to determine the inclusion of labels, etc.? It
seems logical to me that it would be exactly the same, since the aim in
both places is to defeat fingerprinting.

On Sat, Jul 4, 2015 at 3:35 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

>
> On Jul 4, 2015 3:01 AM, "Harald Alvestrand" <harald@alvestrand.no> wrote:
> > Seems good on first glance. Does the persistence last until cookies are
> > cleared?
>
> Yes. All persisted site data needs to share fate with cookies, at least
> the new stuff.
>
> > The only privacy consideration I can think of is that an origin can tell
> > whether or not the user has (since last cookie clearing) given
> > permission for any device in the past; I can't see an attack offhand
> > that can be launched based on that information that wouldn't also be
> > launchable by setting a cookie.
>
> We do have some inconsistency between different pieces of state. I believe
> that Firefox maintains history, cookies, and permissions separately.
>
> A naive implementation should be ok though. If the persisted state is
> dropped, but the permissions retained, the identifiers will be unstable
> until the API is used again. If that sounds like a problem, I don't think
> so, given how likely that is in practice.
>



-- 
.            .       .    .  . ...Joe

*Joe Berkovitz*
President

*Noteflight LLC*
49R Day Street / Somerville, MA 02144 / USA
phone: +1 978 314 6271
www.noteflight.com
"Your music, everywhere"

Received on Monday, 6 July 2015 18:12:53 UTC