- From: youennf via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Aug 2020 08:27:34 +0000
- To: public-webrtc-logs@w3.org
> @youennf Exposing PTZ camera capabilities regardless of the PTZ permission status would increase fingerprinting. We should look at whether it is an issue with regards to passive and active fingerprinting. We do not want to increase passive fingerprinting. Since PTZ setups are not widespread, it would be terrible to expose this capability without some kind of permission. MediaStreamTrack.getCapabilities is not possible since there is no capture track in that case. InputDeviceInfo.getCapabilities() should return an empty dictionary as per spec, so PTZ will not leak whatever the PTZ permission. As of active fingerprinting (i.e. page is using the PTZ camera as a regular camera), we have some precedents to expose PTZ capabilities: - Camera max resolution and frame rate are exposed - In case a headset microphone is in use, the corresponding audiooutput device is exposed to the web without additional permission - Camera device label is exposed and potentially leaks the exact device model -- GitHub Notification of comment by youennf Please view or discuss this issue at https://github.com/w3c/mediacapture-image/pull/250#issuecomment-677456535 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 20 August 2020 08:27:36 UTC