W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > June 2020

Re: [mediacapture-main] getUserMedia can be used to detect capabilities without permissions (#697)

From: youennf via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 Jun 2020 07:00:51 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-645821361-1592463649-sysbot+gh@w3.org>
In addition to what Harald said, the fingerprinting script would take the risk to show a prompt to the user, which is probably too risky for the script. To ensure this is annoying enough for such scripts, we make sure that:
- The processing of getUserMedia can only happen in a visible page (so that the prompt can be shown), step 6.1. Processing is delayed for hidden pages until they are visible.
- The error message should not provide any info on which constraint was not met if device info cannot be exposed. It seems we did this in step 6.6 but forgot to do it in step 6.4. We should probably fix this.

AFAIUI, OverconstrainedError is what should be returned according the spec.
Is it a Firefox bug?

GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/697#issuecomment-645821361 using your GitHub account
Received on Thursday, 18 June 2020 07:00:52 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:51 UTC