- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Thu, 14 Feb 2019 21:38:59 +0000
- To: public-webrtc-logs@w3.org
> For instance, by mixing width constraint with deviceId constraint, a script could potentially distinguish cases like 720p vs 1080p cameras with no prompt triggered: Great point! The "never return deviceId"-part of the PR is flawed. (link to [demo](https://jsfiddle.net/jib1/n0scjq18/) again). > "User agents MAY tamper the value of failedConstraint as a fingerprinting mitigation". I agree we should shoot for a more general statement like that. Not leaking information here may require UA smarts beyond what we want to write in stone in a spec. However, we should probably be clear whether "tamper" extends to returning no name at all, which may be controversial (in today's spec, `error.constraint == ""` means *"you're getting close"*, i.e. none of the required constraints used would fail by themselves), it's solely a "combination failure". -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-main/pull/564#issuecomment-463808861 using your GitHub account
Received on Thursday, 14 February 2019 21:39:01 UTC