Re: [mediacapture-main] Mitigate fingerprinting from OverconstrainedError in gUM(). (#564)

This PR tries to mitigate information leakage in the case enumerateDevices does not stop leaking information.

Even with this PR though, one could silently learn some information about the device setup that cannot be gathered from enumerateDevices.
For instance, by mixing width constraint with deviceId constraint, a script could potentially distinguish cases like 720p vs 1080p cameras with no prompt triggered:
- If constraintName is width (length of failedConstraints is 2), capture at that resolution is not supported.
- If constraintName is deviceId (length of failedConstraints is 1), capture at that resolution is supported.

The fingerprinting statement is good to have.
I wonder whether this is the error that silently gives fingerprint information or just failureConstraint. If it is the latter, we could be more explicit in the statement.

It would be nice to add some mitigation to this fingerprinting, for instance:
"User agents MAY tamper the value of failedConstraint as a fingerprinting mitigation".

GitHub Notification of comment by youennf
Please view or discuss this issue at using your GitHub account

Received on Thursday, 14 February 2019 17:18:48 UTC