Here is an alternative version of the attack you proposed, which would not require any CropTarget. It works equally well with today's means: * Demand that all sites be watermarked with some pixel-pattern that is unique, machine-readable, and not human-readable. * Give degraded service to all sites that have not posted this identifier to the video-conferencing service. * Collect tracking-data the same way you would have with the CropTarget UUIDs. So we can see that the (unlikely) attack was equally possible without CropTarget serialization. (Unsurprisingly, it's never been employed.) Since this attack is equally technically feasible with/without serialization, I believe we can now forget about this concern. -- GitHub Notification of comment by eladalon1983 Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1166239345 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Saturday, 25 June 2022 09:24:46 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:57 UTC