- From: barryleiba <notifications@github.com>
- Date: Thu, 07 Jun 2018 12:44:07 -0700
- To: w3c/gamepad <gamepad@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/gamepad/issues/73/395541726@github.com>
I'm very much not a fan of product identification strings as they expose privacy issues, security issues, and interoperability issues: -- Privacy: Apart from the persistent identifier that's already been mentioned, the vendor/model/serial sort of information tells any application that can query it about a product the user bought, including an approximation of the date the user bought it (from the serial number). -- Security: Attackers that can get this information can use it to identify vulnerable products that may then be targeted for attacks. -- Interoperability: Such vendor strings encourage development of vendor-specific and even product-specific code to implement custom features and/or work around transient bugs. Such code often inds up going beyond its intended scope and causes difficult-to-debug interoperability problems. If the point here is to simply identify devices to distinguish among, say, multiple game controllers that a user has around, a better solution is to allow the user to give her own names to the devices. The game can then tell the user to "pick up Lucille", or the user can say, "find Mjölnir", and none of the above issues arise. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/gamepad/issues/73#issuecomment-395541726
Received on Thursday, 7 June 2018 19:44:30 UTC