- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Thu, 21 Feb 2019 14:14:11 +0000
- To: public-webrtc-logs@w3.org
@alvestrand Yes, in fact I originally wrote that demo to show @youennf *getUserMedia* leaks the same info as *enumerateDevices()* as [he wants to make enumerateDevices() more fingerprint-safe](https://github.com/w3c/mediacapture-main/issues/559#issuecomment-456598662) than today. This [equivalence is a problem](https://github.com/w3c/mediacapture-main/issues/559#issuecomment-456990813) if we want to move the needle on fingerprinting. It may not seem like a problem if we want the spec to stay where it is... *except*: It sometimes leaks more info than *enumerateDevices()*: 1. My demo bypasses *enumerateDevices()'s* [[storedDeviceList]] and time-fuzzing mitigations in browsers that allow *getUserMedia* calls to fulfill in background-tabs without focus. I.e. a background tab can detect fairly accurately when a device is inserted or removed, and time-correlate this across domains, even between regular and private browsing, to identify someone on multiple sites as the same individual. 2. As @youennf showed [above](https://github.com/w3c/mediacapture-main/pull/564#issuecomment-463712683), the same trick can be used to bypass the "empty dictionary" mitigation of [deviceInfo.getCapabilities()](https://w3c.github.io/mediacapture-main/getusermedia.html#dom-inputdeviceinfo-getcapabilities), to leak detailed device information, like width, height and frame-rate, pre-initial-grant. So I claim we need to address this and https://github.com/w3c/mediacapture-main/issues/561, to even keep the needle where we thought it was. -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-main/pull/564#issuecomment-466014183 using your GitHub account
Received on Thursday, 21 February 2019 14:14:12 UTC