Re: [mediacapture-main] Mitigate fingerprinting from OverconstrainedError in gUM(). (#564)

> For instance, by mixing width constraint with deviceId constraint, a script could potentially distinguish cases like 720p vs 1080p cameras with no prompt triggered:

Great point! The "never return deviceId"-part of the PR is flawed. (link to [demo](https://jsfiddle.net/jib1/n0scjq18/) again).

> "User agents MAY tamper the value of failedConstraint as a fingerprinting mitigation".

I agree we should shoot for a more general statement like that. Not leaking information here may require UA smarts beyond what we want to write in stone in a spec.

However, we should probably be clear whether "tamper" extends to returning no name at all, which may be controversial (in today's spec,  `error.constraint == ""` means *"you're getting close"*, i.e. none of the required constraints used would fail by themselves), it's solely a "combination failure".

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/pull/564#issuecomment-463808861 using your GitHub account

Received on Thursday, 14 February 2019 21:39:01 UTC