GetUserMedia now Media Capture and Streams - input sought

Dear all.

Further to the informal chairs summary for the 5 December 2013 call, we would like to finalise the privacy review for GetUserMedia (now Media Capture and Streams) [1] before the end of the year.

So this is a little recap for everyone's benefit. 

Please take the time to review the draft specification and send in your comments by 18 December 2013. 
Also, we are looking for volunteers to give feedback on Frank's analysis (particularly Media Capture and Streams experts).

Christine and Tara

----------

Dominique Hazael-Massieux from the Media Capture Task Force gave a very excellent introduction to the draft specification as at 28 March 2013. You can find a summary of the discussion at [2].

Frank Dawson very kindly reviewed the draft using a Privacy Data Life Cycle (PDLC) based assessment. You can find the summary of his detailed assessment at [3]. 

Hannes Tschofenig started a preliminary read-through of the getUserMedia specification. He observed that data minimization may prove difficult to apply in this case because it may affect the audio quality of a conference call. [4]

Thomas Roessler observed that "the sourceIDs look like they are most likely going to be long-lived, high-entropy unique identifiers for a particular device, though dependent on the specific Web application.  These IDs have some likelihood to be usable as unique IDs for the user. He asked the questions: (a) Under what circumstances can these IDs be enumerated? and (b) How large is the attack surface for user re-identification? [5]

[1] http://dev.w3.org/2011/webrtc/editor/getusermedia.html#idl-def-MediaSourceStates
[2] http://lists.w3.org/Archives/Public/public-privacy/2013AprJun/0001.html
[3] http://lists.w3.org/Archives/Public/public-privacy/2013AprJun/0051.html
[4] See http://lists.w3.org/Archives/Public/public-privacy/2013AprJun/0047.html
[5] http://lists.w3.org/Archives/Public/public-privacy/2013OctDec/0026.html

Received on Thursday, 12 December 2013 15:23:58 UTC