Re: [mediacapture-region] Should we support strings in addition or in lieu of opaque identifiers? (#46)

From: Tim Panton via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Jun 2022 21:53:37 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1165969925-1656107616-sysbot+gh@w3.org>

To be clear, my second point is about the threat of a theoretical VC service that uses the arrival of cropTarget UUIDs as a way of collecting usage data on its competitor's other apps (say slideshow apps) - especially interestingly of users who _don't_ use the VC app, but the slideshow vendor still has to send cropTargetUUIDs _anyway_ on the off chance that the user might use the VC app. It doesn't need to actually apply the UUIDs in a live capture; it still gets usage data.
(Yes, one could spam the service with fake UUIDs to prevent the stats being accurate, but that's a road I'd rather avoid.)

The existence of cropTargets as UUIDs enables this risk in a way that an opaque token prevents.

-- 
GitHub Notification of comment by steely-glint
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1165969925 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 June 2022 21:53:39 UTC
