W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > July 2019

Re: [mediacapture-main] fixed, per origin, device ID creates tracking risk (#607)

From: pes via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Jul 2019 19:36:33 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-510198633-1562787392-sysbot+gh@w3.org>
> The question is not really about permission.
The major usecase for deviceIds is for the user to do camera/microphone selection once. The website will be able to select again the same devices using deviceIds at next user visit.

Totally agree.  I only meant to suggest a different way of having the ability for sites to say "i want x and y that I was allowed to access before, again", w/o consistent unique identifiers (which, AFAIK, totally unique in the WebAPI).

> Anther thing to bear in mind is that device ID values are not the only privacy threat. The number of cameras, microphones or output speakers can help identifying users as well. Safari mitigates this issue by exposing device IDs after getUserMedia is granted (through a prompt). So far, this seems to be web compatible, at least for microphones and cameras.

This is a great point! :)  This should also be worked into the spec as default behavor.  Privacy preserving w/o breaking expected use cases.  Would you accept a PR?

-- 
GitHub Notification of comment by snyderp
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/607#issuecomment-510198633 using your GitHub account
Received on Wednesday, 10 July 2019 19:36:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:22:25 UTC