Re: [mediacapture-region] Should we support strings in addition or in lieu of opaque identifiers? (#46)

Here is an alternative version of the attack you proposed, which would not require any CropTarget. It works equally well with today's means:
* Demand that all sites be watermarked with some pixel-pattern that is unique, machine-readable, and not human-readable.
* Give degraded service to all sites that have not posted this identifier to the video-conferencing service.
* Collect tracking-data the same way you would have with the CropTarget UUIDs.

So we can see that the (unlikely) attack was equally possible without CropTarget serialization. (Unsurprisingly, it's never been employed.) Since this attack is equally technically feasible with/without serialization, I believe we can now forget about this concern.

-- 
GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1166239345 using your GitHub account



Received on Saturday, 25 June 2022 09:24:46 UTC