W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > July 2019

Re: [mediacapture-main] fixed, per origin, device ID creates tracking risk (#607)

From: youennf via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Jul 2019 00:03:54 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-509854339-1562717033-sysbot+gh@w3.org>
> But, a bigger question: why do you need the keying at all: why not just use something other than unique device ids. What would be _lost_ in the first suggest in the issue? Worst case, the user would need to re-grant a permission when their media set up changes. Seems reasonable? :)

The question is not really about permission.
The major usecase for deviceIds is for the user to do camera/microphone selection once. The website will be able to select again the same devices using deviceIds at next user visit.

The web engine could also remember on its own the user selection and the website could opt-in with a deviceId like 'same-as-last-visit'. If we envision scenarios with multiple cameras/microphones, this probably does not work. Websites might also want to set up multiple audio routes, say for notification and regular media playback.

Anther thing to bear in mind is that device ID values are not the only privacy threat. The number of cameras, microphones or output speakers can help identifying users as well. Safari mitigates this issue by exposing device IDs after getUserMedia is granted (through a prompt). So far, this seems to be web compatible, at least for microphones and cameras.

-- 
GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/607#issuecomment-509854339 using your GitHub account
Received on Wednesday, 10 July 2019 00:03:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:22:25 UTC