Re: [webrtc-pc] `getCapabilities` seems to leak hardware capabilities w/o a permission (#2460) from Dominique Hazael-Massieux via GitHub on 2020-02-05 (public-webrtc-logs@w3.org from February 2020)

From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
Date: Wed, 05 Feb 2020 07:45:08 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-582281512-1580888706-sysbot+gh@w3.org>

The spec already has the [following text about `getCapabilities`](https://w3c.github.io/webrtc-pc/webrtc.html#methods-6):
> These capabilities provide generally persistent cross-origin information on the device and thus increases the fingerprinting surface of the application. In privacy-sensitive contexts, browsers can consider mitigations such as reporting only a common subset of the capabilities.

-- 
GitHub Notification of comment by dontcallmedom
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2460#issuecomment-582281512 using your GitHub account

Received on Wednesday, 5 February 2020 07:45:10 UTC