Re: [mediacapture-record] Improvements to Privacy & Security Considerations (#196) from youennf via GitHub on 2020-07-02 (public-webrtc-logs@w3.org from July 2020)

From: youennf via GitHub <sysbot+gh@w3.org>
Date: Thu, 02 Jul 2020 09:20:01 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-652893576-1593681600-sysbot+gh@w3.org>

> Most [sources worth recording](https://w3c.github.io/mediacapture-record/MediaRecorder.html#privacy-and-security) (camera, microphone, screen-sharing) are already `SecureContext` and require iframe `allow=`.¹

I am not sure why third-party iframes should be singled out here.
If MediaRecorder needs to be fingerprinting mitigated, it should be done for first party as well as third party iframes.
For instance, nothing prevents a User Agent to strongly limit the available codecs statically (origins) or dynamically (gum called).

As of SecureContext, MediaStreamTrack, MediaStream, WebAudio, Canvas, video elements are not SecureContext for instance.

-- 
GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-record/issues/196#issuecomment-652893576 using your GitHub account

Received on Thursday, 2 July 2020 09:20:03 UTC