Re: [mediacapture-region] Should we support strings in addition or in lieu of opaque identifiers? (#46)

Here is an alternative version of the attack you proposed, which would not require any CropTarget. It works equally well with today's means:
* Demand that all sites be watermarked with some pixel-pattern that is unique, machine-readable, and not human-readable.
* Give degraded service to all sites that have not posted this identifier to the video-conferencing service.
* Collect tracking-data the same way you would have with the CropTarget UUIDs.

So we can see that the (unlikely) attack was equally possible without CropTarget serialization. (Unsurprisingly, it's never been employed.) Since this attack is equally technically feasible with/without serialization, I believe we can now forget about this concern.

GitHub Notification of comment by eladalon1983
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Saturday, 25 June 2022 09:24:46 UTC