Re: Wide Review of MediaStream Image Capture API, Media Capture from DOM Elements API and MediaStream Recording API

Thanks a lot for these reviews!

Br,
Stefan

On 18/01/18 01:11, Nick Doty wrote:
> The Privacy Interest Group discussed these documents on a recent call, and had some questions about the privacy and security considerations.
> 
> In particular, the three documents proposed for Candidate Recommendation status have very different privacy/security considerations sections. Would it make sense to align them and review them consistently?
> 
> MediaStream Recording has no mention of privacy and no privacy or security considerations sections. Issue #122 from last April notes that it would be useful to go through the self-review questionnaire as a starting point, and we agree.
> https://github.com/w3c/mediacapture-record/issues/122
> We suspect that privacy will be a very germane topic for an API that allows for permanent recording of user video data and would be worth consideration as part of the wide review process, prior to steps like Candidate Recommendation. Current specification and implementation also add an isTypeSupported method which provides drive-by fingerprinting surface, not currently constrained by user permissions or interaction. The current draft of our Mitigating Browser Fingerprinting guidance may be helpful:
> https://w3c.github.io/fingerprinting-guidance/
> 
> MediaStream Image Capture primarily refers to getUserMedia for security/privacy considerations. There is at least one mention in the spec about a fingerprinting surface mitigation (in using ranges on image height and width), but I'm not clear on the particular risk and its mitigation. Do the other capabilities and constrainable properties also add to fingerprinting surface? Is EXIF data (mentioned in the privacy considerations section) specified by this document? Would that also be relevant to the MediaStream Recording API?
> 
> From Element has its own developed privacy considerations section, particularly focused on origin separation. Is it expected that origin separation is to be handled by implementors, or are there best practices or implementation guidelines that will be provided? If the latter, is Feature Policy an applicable solution here?
> 
> Cheers,
> Nick, for the Privacy Interest Group (PING)
> 
> CC Privacy Interest Group; I've tried to capture comments from our last call, but others should feel free to chime in with things I've missed or to contribute issues on Github as suggested by the WebRTC Working Group.
> 
>> On Dec 2, 2017, at 12:22 AM, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com> wrote:
>>
>> Dear Chairs,
>>
>> The WebRTC Working Group is working toward publishing the MediaStream
>> Image Capture API, the Media Capture from DOM Elements API and the
>> MediaStream Recording API as Candidate Recommendations and is therefore
>> seeking review from a variety of groups on the documents:
>>
>> https://w3c.github.io/mediacapture-image/
>> https://w3c.github.io/mediacapture-fromelement/
>> https://w3c.github.io/mediacapture-record/
>>
>> We have contacted a number of groups with specific requests for feedback,
>> but also welcome feedback from any other group interested in doing so.
>>
>> We would appreciate receiving feedback before January 12, 2018. We hope
>> to request transition to Candidate Recommendation early next year for
>> all the documents.
>>
>> If you have any comments, we prefer that you submit them as Github
>> issues to:
>>
>> https://github.com/w3c/mediacapture-image/issues
>> https://github.com/w3c/mediacapture-fromelement/issues
>> https://github.com/w3c/mediacapture-record/issues
>>
>> respectively.
>>
>> Alternatively, you can send your comments by email to
>> public-mediacapture@w3.org.
>>
>> Thanks,
>> For the WebRTC chairs,
>> Stefan Hakansson
>>
>>
> 
> 


Received on Wednesday, 24 January 2018 10:24:29 UTC