W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > June 2022

Re: [mediacapture-region] Should we support strings in addition or in lieu of opaque identifiers? (#46)

From: Elad Alon via GitHub <sysbot+gh@w3.org>
Date: Sat, 25 Jun 2022 09:24:44 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1166239345-1656149083-sysbot+gh@w3.org>
Here is an alternative version of the attack you proposed, which would not require any CropTarget. It works equally well with today's means:
* Demand that all sites be watermarked with some pixel-pattern that is unique, machine-readable, and not human-readable.
* Give degraded service to all sites that have not posted this identifier to the video-conferencing service.
* Collect tracking-data the same way you would have with the CropTarget UUIDs.

So we can see that the (unlikely) attack was equally possible without CropTarget serialization. (Unsurprisingly, it's never been employed.) Since this attack is equally technically feasible with/without serialization, I believe we can now forget about this concern.

GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1166239345 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 25 June 2022 09:24:46 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:57 UTC