- From: guest271314 via GitHub <sysbot+gh@w3.org>
- Date: Tue, 05 May 2020 00:44:01 +0000
- To: public-webrtc-logs@w3.org
As noted by @pes10k at https://github.com/w3c/mediacapture-main/issues/690#issuecomment-623555482 > Sorry, i just don't understand what you're asking, other than to say that the values exposed by enumerateDevices are used as inputs to generating fingerprint-derived identifiers, and for some users will be highly identifying. Hope that helps One solution would be to not expose devices to websites at all. Devices can be exposed to users. The user can then select devices that the website cannot "see" in the form they are now, and grant website permission to generic "audio" or "video" device. A rough concept can take several forms. Consider a `Blob URL`, where, in general, the lifetime of the `Blob URL` is the lifetime of the `document` which created it. When the user executes `getUserMedia()` a prompt is displayed save for the case of enabling fake media streams using flags or preferences. When `enumerateDevices()` is executed the result can be displayed, or accessed only by the user, not the website. The user must always have access to their devices as a list, unless they explicitly set otherwise, which should also be an option. Similar to current `getUserMedia()` and `getDisplayMedia()` prompt. E.g., before any calls to `enumateDevices()` or `getUserMedia()`, etc., the user can execute `setExposedDevicesNames()` which, like `getUserMedia()`, only the user can "see" the prompt, set the selected device(s) to corresponding <any> name or a UUID can be generated, which maps to the real device. The site never gets any of the information currently possible with https://github.com/Valve/fingerprintjs2/blob/master/fingerprint2.js#L332 as there is no reason for a website to have any of that information at all: the website just needs to know the user selected and permission granted-for device(s) are exposed, not their type or configuration - unless the user decides to expose that information explicitly. Though there is little reason to do so. The device will not change, the website has to process whatever media the device is capable of capturing and transmitting anyway. The website only gets "audio", "audioN", "video", "videoN" in the form of a set, "videoN" becomes "video" when "video" is detached, unplugged, permissions revoked, etc. The user gets the complete device names, etc. Or, further, complete device capabilities can be behind a flag; all the site gets is "audio" or "video" device. `setExposedDeviceNames()` => prompt for permission => local dialog/context menu (in general, not captured by `getDisplayMedia()`) => _all_ devices listed => user selects devices to be exposed for session (with option for devices not online, though potentially will be online during session, a reservation of permission grant and possible, though not mandatory exposure or usage) => devices mapped to generic "names" defaulting to "audio", "videoN" or other unique symbols, or custom user name, or the current values, if the user decides to do so, for whatever reason waiving their idea of or presumption of "privacy" and disregarding "tracking", e.g., a `Set` => website _only_ gets "audioN", "video" => `enumerateDevices()` returns "audioN", "video", the user knows the mapping to real devices, there is no reason for the website to know the real names or capabilities by default. -- GitHub Notification of comment by guest271314 Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/646#issuecomment-623782585 using your GitHub account
Received on Tuesday, 5 May 2020 00:44:03 UTC