Re: [webrtc-pc] `getCapabilities` seems to leak hardware capabilities w/o a permission (#2460) from Jan-Ivar Bruaroey via GitHub on 2020-02-20 (public-webrtc-logs@w3.org from February 2020)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Thu, 20 Feb 2020 15:16:34 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-589106894-1582211793-sysbot+gh@w3.org>

> Also note that this relates to createOffer() and createAnswer() as well, which will list all the codec capabilities in the SDP as well even if you don't use this API.

[createOffer](https://w3c.github.io/webrtc-pc/#dom-rtcpeerconnection-createoffer) already says: _"In privacy-sensitive contexts, browsers can consider mitigations such as generating SDP matching only a common subset of the capabilities."_

getCapabilities in the spec should perhaps at least refer to that.

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2460#issuecomment-589106894 using your GitHub account

Received on Thursday, 20 February 2020 15:16:39 UTC