Re: [mediacapture-main] getUserMedia can be used to detect capabilities without permissions (#697) from Jan-Ivar Bruaroey via GitHub on 2020-06-18 (public-webrtc-logs@w3.org from June 2020)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 Jun 2020 14:08:14 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-646043009-1592489293-sysbot+gh@w3.org>

We've discussed this in the past, and we decided trackers would not risk a prompt.

In the [spec](https://w3c.github.io/mediacapture-main/getusermedia.html#dom-mediadevices-getusermedia), we neutered the `error.contraint` property ahead of permission to mitigate the attack where multiple failing constraints are used: *"Run the ApplyConstraints algorithm on all tracks in stream with the appropriate constraints. Should this fail, let failedConstraint be the result of the algorithm that failed if device information can be exposed is true, or undefined otherwise"*

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/697#issuecomment-646043009 using your GitHub account

Received on Thursday, 18 June 2020 14:08:16 UTC