- From: Jan-Ivar Bruaroey <jib@mozilla.com>
- Date: Tue, 8 Oct 2019 16:11:55 -0400
- To: Harald Alvestrand <harald@alvestrand.no>, public-webrtc@w3.org, public-privacy <public-privacy@w3.org>
cc public-privacy <public-privacy@w3.org> On 10/8/19 8:20 AM, Harald Alvestrand wrote: > Den 05.10.2019 06:24, skrev Jan-Ivar Bruaroey: >>> https://w3c.github.io/mediacapture-main/#dom-mediadeviceinfo-deviceid mentions >>> unguessability, but I didn't see a reason why that would be needed. >> I suspect we just meant nondeterministic across origins. >> > My memory says that we wanted to avoid pages learning about devices by > probing into a small ID space. You mean probing using getUserMedia()? That makes sense as having been the concern then. Though put in context, pages could still do that for the super-set of all devices the user has even without valid ids, and most users have one camera (or two on phones, which are already distinguishable using the facingMode constraint). But now, if we're moving toward not exposing deviceIds pre-initial-gUM-grant, (as well as neutering OverconstrainedError's constraint property in this case) then this shouldn't be a concern anymore, I don't think, and we could use smaller ids without this risk. > 1, 2, 3 is a small ID space; UUID space is large enough that one > normally ignores the chance of collision; for unguessability, probably > an ID space on the order of a million distinct IDs is quite large enough. .: Jan-Ivar :.
Received on Tuesday, 8 October 2019 20:11:59 UTC