Re: Privacy review of WebRTC Scalable Video Coding

Hi Dom, I looked at the documents. Thanks for including helpful links.

Currently, device hardware usually does not provide additional support for
SVC, and a more comprehensive solution to the problem of
`getCapabilities()` leaking hardware info should probably be addressed in
webrtc-pc (https://github.com/w3c/webrtc-pc/issues/2460). I  also
understand that the idea of having a permission for exposing
`getCapabilities()` (more generally) or scalability modes (more
specifically) was not acceptable because it would add confusion for not
much fingerprinting protection.

However, it is also true that underlying hardware could surface additional
information specific to scalability modes.  And while this is a weak
fingerprinting signal today, my take is that - at the very least -
cautionary guidance/discussion around this issue should be included in
webrtc-svc (though it feels a bit iffy to not address the fingerprinting
leak directly and shunt it to a privacy section...). Similar to guidance
for `getCapabilities()` (
https://w3c.github.io/webrtc-pc/webrtc.html#methods-6), perhaps the
guidance here can be for browsers in privacy-conscious contexts to not
expose information about hardware-specific codecs through
`scalabilityModes`.

I note that there was a similar discussion in
https://github.com/w3c/webrtc-svc/issues/22, but that issue was closed and
moved to webrtc-pc.

On Tue, Jun 9, 2020 at 2:16 AM Dominique Hazael-Massieux <dom@w3.org> wrote:

> Dear Privacy Interest Group,
>
> The WebRTC Working Group would like a privacy review of its WebRTC SVC
> specification.
>
> Spec: https://w3c.github.io/webrtc-svc/
> Explainer: https://github.com/w3c/webrtc-svc/blob/master/explainer.md
> Privacy considerations: https://w3c.github.io/webrtc-svc/#privacy-security
> Repo: https://github.com/w3c/webrtc-svc/
>
> Thanks,
>
> Dom
>
>