- From: Tim Panton via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Jun 2022 21:53:37 +0000
- To: public-webrtc-logs@w3.org
To be clear, my second point is about the threat of a theoretical VC service that uses the arrival of cropTarget UUIDs as a way of collecting usage data on its competitor's other apps (say slideshow apps) - especially interestingly of users who _don't_ use the VC app, but the slideshow vendor still has to send cropTargetUUIDs _anyway_ on the off chance that the user might use the VC app. It doesn't need to actually apply the UUIDs in a live capture, it still gets usage data. (Yes one could spam the service with fake UUIDs to prevent the stats being accurate, but that's a road I'd rather avoid). The existence of cropTargets as UUIDs enables this risk in a way that an opaque token prevents. -- GitHub Notification of comment by steely-glint Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1165969925 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 June 2022 21:53:39 UTC