Re: [webrtc-stats] Stats API should require additional permission / user opt-in (#550) from henbos via GitHub on 2022-09-13 (public-webrtc-logs@w3.org from September 2022)

From: henbos via GitHub <sysbot+gh@w3.org>
Date: Tue, 13 Sep 2022 07:49:35 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1245031108-1663055371-sysbot+gh@w3.org>

Because a) and b) (from issue description) are a little different and likely require different mitigations (e.g. a mitigation to "leaking communication / plain text" is related to granularity of packet counters etc whereas "hardware fingerprinting" is about which context we should be allowed to expose HW states) I split this issue up into different issues.

This issue can continue to be about "leaking communication / plain text"
For HW fingerprinting I filed #675 and, because codec is exposed in multiple places, a separate issue for that so that we can sync with webrtc-pc: #674.

> As this field is a fingerprinting vector, it MUST only be exposed to contexts that the user interacted with in a deep manner, for instance if https://w3c.github.io/mediacapture-main/#context-capturing-state returns true.

I like this idea, let's follow up in #675


-- 
GitHub Notification of comment by henbos
Please view or discuss this issue at https://github.com/w3c/webrtc-stats/issues/550#issuecomment-1245031108 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 13 September 2022 07:49:38 UTC