- From: pes via GitHub <sysbot+gh@w3.org>
- Date: Tue, 12 Nov 2019 21:05:17 +0000
- To: public-webrtc-logs@w3.org
> In the current context with the existing MediaCapabilities API, WebGL, and WebRTC stats, I don't see how this adds any new information to be used for fingerprinting. It just packages it in a format that is more convenient for web creators using WebRTC. I don't understand the claim here. Is this value available elsewhere? If so, then you can expect at some point we will try to gate it, under the broader goal of isolating pages from hardware capabilities w/o specific opt-in / permission / similar > Instead of gating each call to a function that could be used for fingerprinting, I think that the concept of a privacy budget is much more appealing. 1) Privacy Budget in general does not have sufficient detail to evaluate as a finger printing defense 2) I (and many others on PING) are extremely skeptical that the idea of privacy budgets are a useful, practical defense against fingerprinting (feel free to [read here for more details if you would like](https://brave.com/brave-fingerprinting-and-privacy-budgets/), where i've summarized. The relevant part is the "Dynamic Privacy Budgets, And Where They Fail" section, not the Brave parts 3) even if there was a privacy budget situation, we would still need to be extremely cautious about what new budget-exhausting behavior was on the platform. "Privacy budget" doesn't mean we don't try to remove FP surface where it exists -- GitHub Notification of comment by snyderp Please view or discuss this issue at https://github.com/w3c/webrtc-pc/pull/2356#issuecomment-553113802 using your GitHub account
Received on Tuesday, 12 November 2019 21:05:19 UTC