[webrtc-stats] Stats API should require additional permission / user opt-in (#550)

snyderp has just created a new issue for https://github.com/w3c/webrtc-stats:

== Stats API should require additional permission / user opt-in ==
The stats collected by this API enable two new privacy harms / risks. This spec should enable the main uses of WebRTC without automatically exposing these additional risks.

a) Leaking communication / plain text

Prior work (e.g. http://www.cs.unc.edu/~fabian/papers/foniks-oak11.pdf) has shown that you can recreate the plain text content of an encrypted, DTLS-encoded audio conversation based on patterns in packet size, frequency, etc. The fine-grained network information exposed by this API seems to be sufficient to carry out this attack again. If this is needed for analysis / quality control / etc. use, the API should limit it to these special cases (additional permission, for example).

b) Hardware fingerprinting

`decoderImplementation`, the `codec` data point, etc. reveal information about the underlying hardware beyond what's identified by `getUserMedia`.

Please view or discuss this issue at https://github.com/w3c/webrtc-stats/issues/550 using your GitHub account

Received on Tuesday, 18 February 2020 20:49:12 UTC
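As an added illustration of the mitigation direction the issue argues for (this is not code from the issue, the webrtc-stats spec, or any browser), the following shim shows what a privacy-reducing wrapper around `getStats()` could look like: it strips the hardware-revealing fields named in the issue (`decoderImplementation`, `codec` entries and the `codecId` references to them; `encoderImplementation` is assumed to be the matching outbound field), and coarsens packet/byte counters and timestamps so that per-packet size and timing patterns are no longer recoverable at the resolution point (a) is concerned with. Full stats are returned only when a caller-supplied `isOptedIn()` check says the user has granted the extra permission. The sample `RTCStatsReport` contents, the quantum values and the `isOptedIn` policy hook are all constructed for this example.

```javascript
// Constructed sample of the kind of entries RTCPeerConnection.getStats() returns.
// Field names follow webrtc-stats; values are made up for this example.
const SAMPLE_STATS = new Map([
  ["RTCInboundRTPVideoStream_1", {
    type: "inbound-rtp", id: "RTCInboundRTPVideoStream_1", kind: "video",
    timestamp: 1582058952123.456, packetsReceived: 1234, bytesReceived: 987654,
    jitter: 0.0031, codecId: "RTCCodec_1", decoderImplementation: "ExternalDecoder",
  }],
  ["RTCCodec_1", {
    type: "codec", id: "RTCCodec_1", mimeType: "video/VP8", clockRate: 90000, payloadType: 96,
  }],
  ["RTCOutboundRTPAudioStream_2", {
    type: "outbound-rtp", id: "RTCOutboundRTPAudioStream_2", kind: "audio",
    timestamp: 1582058952123.456, packetsSent: 4321, bytesSent: 123456,
    encoderImplementation: "libopus",  // assumed outbound counterpart of decoderImplementation
  }],
]);

// Fields that describe the device's media pipeline rather than the session.
const HARDWARE_FIELDS = new Set(["decoderImplementation", "encoderImplementation"]);
// Counters whose exact values expose per-packet size/timing patterns.
const COUNTER_FIELDS = new Set(["packetsSent", "packetsReceived", "bytesSent", "bytesReceived"]);

// Round n down to a multiple of quantum so small deltas between polls are not visible.
function coarsen(n, quantum) {
  return Math.floor(n / quantum) * quantum;
}

// Return a reduced copy of a stats report plus a list of what was removed.
// counterQuantum: granularity for packet/byte counters; timestampQuantum: ms granularity.
function redactStatsReport(report, { counterQuantum = 1000, timestampQuantum = 1000 } = {}) {
  const out = new Map();
  const dropped = [];
  for (const [id, stats] of report) {
    if (stats.type === "codec") {            // whole codec entries are hardware-revealing
      dropped.push(id);
      continue;
    }
    const copy = {};
    for (const [key, value] of Object.entries(stats)) {
      if (HARDWARE_FIELDS.has(key) || key === "codecId") {
        dropped.push(`${id}.${key}`);        // remove the field entirely
      } else if (COUNTER_FIELDS.has(key)) {
        copy[key] = coarsen(value, counterQuantum);
      } else if (key === "timestamp") {
        copy[key] = coarsen(value, timestampQuantum);
      } else {
        copy[key] = value;                   // everything else passes through unchanged
      }
    }
    out.set(id, copy);
  }
  return { report: out, dropped };
}

// Wrap getStats on a prototype (e.g. RTCPeerConnection.prototype in a browser).
// isOptedIn() is the hypothetical permission check; without opt-in, callers get the reduced report.
function installStatsShim(proto, isOptedIn, opts) {
  const original = proto.getStats;
  proto.getStats = async function (...args) {
    const full = await original.apply(this, args);
    return isOptedIn() ? full : redactStatsReport(full, opts).report;
  };
}

// Stand-alone demonstration on the constructed sample.
const demo = redactStatsReport(SAMPLE_STATS);
console.log("dropped:", demo.dropped);
console.log("inbound after redaction:", demo.report.get("RTCInboundRTPVideoStream_1"));
```

The quanta are deliberately coarse so that successive `getStats()` calls cannot be differenced into per-packet sizes or inter-arrival times; a deployment that needs quality metrics would tune them, or route opted-in callers around the shim, which is exactly the "additional permission" split the issue proposes.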