W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > January 2019

Re: [mediacapture-main] What constraint name should be exposed in case of a getUserMedia query with multiple failing constraints (#562)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Thu, 24 Jan 2019 20:26:45 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-457343878-1548361604-sysbot+gh@w3.org>
> Return the constraint name that can never be met

I like this one. It addresses the core exploit without breaking the API (the spec does not mandate which constraint to return [1]).

I think we can add something here.

I'd modify the "can never be met" criteria to exclude the *deviceId* constraint, since that one's often the target of probing, and may otherwise "never be met" for removed devices.

Something like: "To mitigate fingerprinting, if more than one required constraint had a fitness distance of infinity, return the one least likely to succeed on any device, but never the *deviceId* constraint."

[[1]](https://w3c.github.io/mediacapture-main/getusermedia.html#dom-mediadevices-getusermedia): *"If* candidateSet *is the empty set, let* failedConstraint *be* ***any*** *required constraint whose fitness distance was infinity for all settings dictionaries examined while executing the SelectSettings algorithm"*.)

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/562#issuecomment-457343878 using your GitHub account
Received on Thursday, 24 January 2019 20:26:46 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 9 October 2019 15:15:01 UTC