Re: [mediacapture-main] Stop recommending UUID for deviceId/groupId (#682)

> This seems like something browsers should fix. … If browsers can detect sites without storage they should rotate deviceIds

Im not sure what you mean.  There are an infinitely diverse number of reasons browser extensions will modify storage; increasingly browsers are doing so too.  Sometimes they might delete all storage, sometimes they may delete or modify some storage values and not others.

My point is that spec seems to imagine there are only two cases a) browser clears all storage, b) storage as usual.  My point is that there are many situations in between, and an increasing number, where browsers do storage-related interventions above nothing, but below "clear everything", and in those those cases having highly identifying identifiers is where the privacy harm occurs.

The two solutions I can see are to either a) be more specific about when deviceIds should be rotated, or b) make the deviceIds less identifying. I've been suggesting "B" since it seems much easier of the two, but if you think "A" is the better path, that could work too

-- 
GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/682#issuecomment-619271576 using your GitHub account

Received on Friday, 24 April 2020 22:55:04 UTC