Re: Web Audio API for review

On 30 November 2017 at 10:39, Chris Lilley <> wrote:
> Audio WG requests privacy review of the Web Audio API


Does this specification expose any other data to an origin that it
doesn’t currently have access to?

Yes. When giving various information on available AudioNodes, the Web
Audio API potentially exposes information on characteristic features
of the client (such as audio hardware sample-rate) to any page that
makes use of the AudioNode interface. Additionally, timing information
can be collected through the AnalyserNode or ScriptProcessorNode
interface. The information could subsequently be used to create a
fingerprint of the client.


If a UA wanted to report generic information for a user, effectively
lying about audio hardware sample-rate and the rest) so that every
user presented the same data to prevent fingerprinting - are you able
to recommend sensible defaults in the draft? Or what a UA should
consider when choosing sensible defaults?


Received on Thursday, 30 November 2017 18:15:55 UTC