W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > July 2019

Re: [mediacapture-main] fixed, per origin, device ID creates tracking risk (#607)

From: youennf via GitHub <sysbot+gh@w3.org>
Date: Wed, 24 Jul 2019 21:27:08 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-514806623-1564003627-sysbot+gh@w3.org>
> We might be saying the same thing here, but my point is that "if double keying isn't standardized somewhere else" (as it currently isn't) then it needs to be specified here, even if that text ends up being made redundant by future work.

The spec should probably describe this issue. It could recommend to use partitioning and/or some other mitigations.
It seems difficult right now to mandate partitioning if IndexedDB is not partitioned for instance.
This might not provide much benefit and might break valid websites using a WebRTC SDK iframe.

> In Firefox, we're considering [some mitigations for enumerateDevices pre-gUM-grant](https://bugzilla.mozilla.org/show_bug.cgi?id=1528042) but those are motivated more by the actual user system bits exposed, like number of cameras and number of microphones, not the id.

These mitigations might make partitioning less of an issue.
Since there seems to be interest in these mitigations, it makes sense to describe these mitigations.
The spec could describe, recommend or even mandate them.

GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/607#issuecomment-514806623 using your GitHub account
Received on Wednesday, 24 July 2019 21:27:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:22:25 UTC