Re: [mediacapture-main] fixed, per origin, device ID creates tracking risk (#607) from Jan-Ivar Bruaroey via GitHub on 2019-07-24 (public-webrtc-logs@w3.org from July 2019)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Wed, 24 Jul 2019 23:32:50 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-514837054-1564011169-sysbot+gh@w3.org>

> frame A sets cookie C on day 3. Lifetime is capped by client to 7 days

You mean only lifetime of C is capped here? Or does this extend B's lifetime? I'll assume the former.

> What is the the state of the device Ids on day 7, 8 and 14?

Cleared on day 9 (7 days after first creation), if I got your cookie logic right.

> Can you clarify if there is a functionality loss by one of the more privacy preserving alternatives?

The point of the deviceId is to let JS recognize a previously used device even if it's been disconnected and reinserted since last visit.

Double-keying deviceIds without double-keying cookies would break https://github.com/w3c/mediacapture-main/issues/607#issuecomment-514830007.

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/607#issuecomment-514837054 using your GitHub account

Received on Wednesday, 24 July 2019 23:32:52 UTC