- From: Tom Ritter <tom@ritter.vg>
- Date: Thu, 30 Nov 2017 12:15:02 -0600
- To: Chris Lilley <chris@w3.org>
- Cc: public-privacy@w3.org
On 30 November 2017 at 10:39, Chris Lilley <chris@w3.org> wrote: > Audio WG requests privacy review of the Web Audio API ---- Does this specification expose any other data to an origin that it doesn’t currently have access to? Yes. When giving various information on available AudioNodes, the Web Audio API potentially exposes information on characteristic features of the client (such as audio hardware sample-rate) to any page that makes use of the AudioNode interface. Additionally, timing information can be collected through the AnalyserNode or ScriptProcessorNode interface. The information could subsequently be used to create a fingerprint of the client. ---- If a UA wanted to report generic information for a user, effectively lying about audio hardware sample-rate and the rest) so that every user presented the same data to prevent fingerprinting - are you able to recommend sensible defaults in the draft? Or what a UA should consider when choosing sensible defaults? -tom
Received on Thursday, 30 November 2017 18:15:55 UTC