Re: [mediacapture-main] Stop recommending UUID for deviceId/groupId (#682)

> these integers will end up becoming a tracker for those users

I don't believe this is correct. If you are reusing the same identifiers across users, they're by definition not identifying that user :) They're only "identifying" when you already have an identifying key to join against (in which case, all bets are off).

The goal of making these less identifying is:

1) to remove more foot guns for vendors who are managing storage for users (for privacy reasons) in ways that aren't easily compatible with the "all or nothing" definitions keyed off in the spec.  The different implementations of Storage Access API do this to a degree (especially in storage upgrade cases), Safari's ITP does this in places, Brave does this in places, etc.  There are places where storage is cleared / changed, and not having unique identifiers here makes it much easier to reason about the privacy boundaries in such cases (and to prevent the device ids from being the unique key to join tracking session data).

2) In general, we should have a hard line about adding unique identifiers into the platform. This is the only case I'm aware of where this is, and it would be *very* good to address this too.

> the spec now mandates device Ids to only be exposed after the page is capturing

This is extremely good news and very appreciated :)

-- 
GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/682#issuecomment-611211614 using your GitHub account

Received on Wednesday, 8 April 2020 21:46:57 UTC