Re: [webrtc-svc] `getCapabilities` seems to leak hardware capabilities w/o a permission (#22) from Shivan Kaul Sahib via GitHub on 2020-07-02 (public-webrtc-logs@w3.org from July 2020)

From: Shivan Kaul Sahib via GitHub <sysbot+gh@w3.org>
Date: Thu, 02 Jul 2020 16:56:53 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-653119423-1593709012-sysbot+gh@w3.org>

IMO this issue should be opened - from the discussion here and in https://github.com/w3c/webrtc-pc/issues/2460, it does seem like there is a (weak, for now) fingerprinting signal that is added by this spec as it adds more (potential) info to a known fingerprinting vector. If we decide to put a permission gate on `getCapabilities()` there then this would be mitigated, but until then/if not, this is an issue that needs to be resolved with this spec. So it is very much an open question on this spec.

I'm happy to open up a new issue but would rather not muddy up the discussion, so it would be best if we could re-open this one. 

-- 
GitHub Notification of comment by ShivanKaul
Please view or discuss this issue at https://github.com/w3c/webrtc-svc/issues/22#issuecomment-653119423 using your GitHub account

Received on Thursday, 2 July 2020 16:56:55 UTC