- From: Joseph Lorenzo Hall <joe@cdt.org>
- Date: Wed, 13 Apr 2016 07:11:24 -0400
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
I thought PING folks may be interested in this issue from the EME spec about limiting access by a CDM to permissions-gated data (CDM = content decryption module; recall that EME is a browser API interface that encrypts and decrypts video frames (for now) by interacting with an opaque binary decryption blob... that's the CDM).

best, Joe

---------- Forwarded message ----------
From: ddorwin via GitHub <sysbot+gh@w3.org>
Date: Tue, Apr 12, 2016 at 4:30 PM
Subject: [encrypted-media] Privacy: Prohibit access/use of sensitive data (e.g. location) by CDMs
To: public-html-media@w3.org

ddorwin has just created a new issue for https://github.com/w3c/encrypted-media:

== Privacy: Prohibit access/use of sensitive data (e.g. location) by CDMs ==

In https://github.com/w3c/encrypted-media/issues/157#issuecomment-208844577, @mwatson2 says:

> For online viewing, services may indeed apply geographic restrictions. ...it is a server function to apply these restrictions, not something that is done by the DRM. This is important to recognize because there would be privacy implications if the CDM could access your location.

While we assume the CDM cannot access or use the client's/user's location, I'm not sure it is currently expressly prohibited by the spec.

More generally, the CDM should not use (have access to?) or expose data that is not generally available to web applications or is generally protected by a user permission and/or prompt. Location is a primary example, but there are others, both exposed to the web (i.e. user media, such as camera and mic) and not (i.e. LAN details or devices).

While the examples above may seem clear cut, the phrasing could be tricky, especially since unsandboxed CDMs often do have such access and some CDMs use, for example, Distinctive Identifiers not otherwise exposed.

Note that preventing exposure of such data is not sufficient since even use of them could allow them to be derived (i.e. via a series of licenses).

Please view or discuss this issue at https://github.com/w3c/encrypted-media/issues/158 using your GitHub account

--
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
Received on Wednesday, 13 April 2016 11:12:11 UTC