[mediacapture-main] fixed, per origin, device ID creates tracking risk (#607)

snyderp has just created a new issue for https://github.com/w3c/mediacapture-main:

== fixed, per origin, device ID creates tracking risk ==
Problem:
The presence of fixed device IDs creates a significant tracking and privacy risk.  This risk is somewhat mitigated by tying their lifetime to cookies, but in practice this is insufficient, since many privacy systems protect their users without clearing cookie stores (e.g. Safari's ITP; Brave enforces a fixed lifetime on JS-set cookies; etc.).

In general, fixed IDs are dangerous for privacy.

Possible solution:
One possible way of addressing this issue would be to not use unique IDs but to just number them (1, 2, 3).  The browser could keep track of the current device set and re-prompt the user for permission if it has changed since the site last asked for access.

Alt possible solution:
Double-key deviceIds to the local and top-level frame.  [Prior discussion with PING states that this was completed](https://www.w3.org/2016/03/getusermedia-wide-review.html#ping) but I don't see this anywhere in the spec (which says deviceIds [must be unique by origin](https://w3c.github.io/mediacapture-main/getusermedia.html#device-info), not double-keyed).

Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/607 using your GitHub account

Received on Tuesday, 9 July 2019 19:39:40 UTC
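As an added example (not code from the mediacapture-main spec, from any browser, or from the issue author), the following models the first proposal above: a site sees only ordinal deviceIds (1, 2, 3 per kind), while the browser privately remembers the device set each origin was last granted and re-prompts when that set changes. The device records `{kind, internalId}`, the `grants` map and the `promptUser` callback are assumptions standing in for whatever a browser actually keeps; they are not spec or browser APIs.

```javascript
// Added illustration of the "just number them" proposal; not browser or spec code.
// Assumed shape of a browser-private device record: { kind, internalId }, where
// internalId stands in for whatever stable handle the browser keeps to itself.

// What a site is allowed to see: a per-kind ordinal instead of a stable per-origin ID.
// Two users with the same shape of device set get identical results, so the value
// carries no cross-visit or cross-user identity.
function ordinalDeviceInfo(devices) {
  const counters = {};
  return devices.map((d) => {
    counters[d.kind] = (counters[d.kind] || 0) + 1;
    return { kind: d.kind, deviceId: String(counters[d.kind]) };
  });
}

// Browser-private snapshot of a device set, order-independent, used only to detect
// that the set an origin was granted has changed. Never exposed to the page.
function deviceSetKey(devices) {
  return devices
    .map((d) => `${d.kind}:${d.internalId}`)
    .sort()
    .join("|");
}

// Model of the permission decision for an origin asking for device access.
//   grants:      Map origin -> deviceSetKey recorded at the last grant (assumed browser state)
//   promptUser:  callback (origin, devices) -> boolean, standing in for the permission UI
// Returns { granted, reprompt, devices } where devices uses ordinal ids only.
function requestDevices(grants, origin, currentDevices, promptUser) {
  const key = deviceSetKey(currentDevices);
  const previous = grants.get(origin);
  const reprompt = previous !== undefined && previous !== key;

  if (previous === undefined || reprompt) {
    // First request, or the device set changed since the site last asked: prompt again.
    if (!promptUser(origin, currentDevices)) {
      return { granted: false, reprompt, devices: [] };
    }
    grants.set(origin, key);
  }
  return { granted: true, reprompt, devices: ordinalDeviceInfo(currentDevices) };
}

// Constructed sample device sets for two different machines (not real hardware data).
const MACHINE_A = [
  { kind: "audioinput", internalId: "mic-A" },
  { kind: "videoinput", internalId: "cam-A" },
];
const MACHINE_B = [
  { kind: "audioinput", internalId: "mic-B" },
  { kind: "videoinput", internalId: "cam-B" },
];

// Stand-alone walk-through: first visit prompts, a repeat visit with the same
// devices does not, plugging in a second microphone forces a new prompt.
function demo() {
  const grants = new Map();
  const origin = "https://example.org";
  const first = requestDevices(grants, origin, MACHINE_A, () => true);
  const repeat = requestDevices(grants, origin, MACHINE_A, () => false);
  const withNewMic = requestDevices(
    grants, origin, MACHINE_A.concat([{ kind: "audioinput", internalId: "mic-C" }]), () => true);
  return { first, repeat, withNewMic };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The point of the model is the pair of properties the issue asks for: `ordinalDeviceInfo` returns the same values for MACHINE_A and MACHINE_B, so nothing in the exposed deviceId survives a cookie clear or distinguishes users, while `deviceSetKey` lets the browser notice a changed device set and re-prompt without ever revealing its private handles to the page.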