Re: [mediacapture-region] Should we support strings in addition or in lieu of opaque identifiers? (#46)

To be clear, my second point is about the threat of a theoretical VC service that uses the arrival of cropTarget UUIDs as a way of collecting usage data on its competitor's other apps (say slideshow apps) - especially interestingly of users who _don't_ use the VC app, but the slideshow vendor still has to send cropTargetUUIDs _anyway_ on the off chance that the user might use the VC app. It doesn't need to actually apply the UUIDs in a live capture, it still gets usage data.
(Yes one could spam the service with fake UUIDs to prevent the stats being accurate, but that's a road I'd rather avoid). 

The existence of cropTargets as UUIDs enables this risk in a way that an opaque token prevents.

GitHub Notification of comment by steely-glint
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Friday, 24 June 2022 21:53:39 UTC