Re: Request for feedback: Media Capture and Streams Last Call from Harald Alvestrand on 2015-07-06 (public-media-capture@w3.org from July 2015)

From: Harald Alvestrand <harald@alvestrand.no>
Date: Mon, 06 Jul 2015 20:15:05 +0200
To: Joe Berkovitz <joe@noteflight.com>, Martin Thomson <martin.thomson@gmail.com>
CC: public-media-capture@w3.org
Message-ID: <559AC5A9.4070303@alvestrand.no>

Den 06. juli 2015 20:12, skrev Joe Berkovitz:
> Would this be identical to the filtered-vs-unfiltered-results criterion
> used by enumerateDevices() to determine the inclusion of labels, etc.?
> It seems logical to me that it would be exactly the same, since the aim
> in both places is to defeat fingerprinting.


I would argue strongly that it should be the same.

I don't see a benefit to them being different, and the last thing we
need is a more complex privacy story.

> 
> On Sat, Jul 4, 2015 at 3:35 PM, Martin Thomson <martin.thomson@gmail.com
> <mailto:martin.thomson@gmail.com>> wrote:
> 
> 
>     On Jul 4, 2015 3:01 AM, "Harald Alvestrand" <harald@alvestrand.no
>     <mailto:harald@alvestrand.no>> wrote:
>     > Seems good on first glance. Does the persistence last until cookies are
>     > cleared?
> 
>     Yes. All persisted site data needs to share fate with cookies, at
>     least the new stuff.
> 
>     > The only privacy consideration I can think of is that an origin can tell
>     > whether or not the user has (since last cookie clearing) given
>     > permission for any device in the past; I can't see an attack offhand
>     > that can be launched based on that information that wouldn't also be
>     > launchable by setting a cookie.
> 
>     We do have some inconsistency between different pieces of state. I
>     believe that Firefox maintains history, cookies, and permissions
>     separately.
> 
>     A naive implementation should be ok though. If the persisted state
>     is dropped, but the permissions retained, the identifiers will be
>     unstable until the API is used again. If that sounds like a problem,
>     I don't think so, given how likely that is in practice.
> 
> 
> 
> 
> -- 
> .            .       .    .  . ...Joe
> 
> *Joe Berkovitz*
> President
> 
> *Noteflight LLC*
> 49R Day Street / Somerville, MA 02144 / USA
> phone: +1 978 314 6271
> www.noteflight.com <http://www.noteflight.com>
> "Your music, everywhere"

Received on Monday, 6 July 2015 18:15:38 UTC