To be clear, my second point is about the threat of a theoretical VC service that uses the arrival of cropTarget UUIDs as a way of collecting usage data on its competitor's other apps (say slideshow apps) - especially interestingly of users who _don't_ use the VC app, but the slideshow vendor still has to send cropTargetUUIDs _anyway_ on the off chance that the user might use the VC app. It doesn't need to actually apply the UUIDs in a live capture, it still gets usage data. (Yes one could spam the service with fake UUIDs to prevent the stats being accurate, but that's a road I'd rather avoid). The existence of cropTargets as UUIDs enables this risk in a way that an opaque token prevents. -- GitHub Notification of comment by steely-glint Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1165969925 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Friday, 24 June 2022 21:53:39 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:57 UTC