[webrtc-stats] The HW exposure check does not solve Cloud Gaming use cases (#730)

henbos has just created a new issue for https://github.com/w3c/webrtc-stats:

== The HW exposure check does not solve Cloud Gaming use cases ==
After some back and forth, the [current HW exposure check](https://w3c.github.io/webrtc-stats/#limiting-exposure-of-hardware-capabilities) only considers contexts that have capture (getUserMedia). This [obviously does not work for Cloud Gaming](https://github.com/w3c/webrtc-stats/pull/725#discussion_r1093134014).

What's even more frustrating is that MediaCapabilities already expose the HW capability information, but it does not expose what is currently used (e.g. decoderFallback). The specs are inconsistent in how much they care about exposure information. The [MC privacy consideration section](https://www.w3.org/TR/media-capabilities/#decoding-encoding-fingerprinting) says that there is very little information exposed so it is not a big problem, but that a user agent might want to throttle or give vague answers, which is very much up for interpretation. Why would getStats() be less restrictive than MC?

Possible paths forward:
1. Declare decoderFallback a weak fingerprinting vector and skip the HW exposure check.
2. File an issue on MediaCapablities to add a HW exposure procedure. Even if the steps are something vague like "let the UA decide", we would at least have something to reference, and we could say that "if the MC check passes, return true" in our own HW exposure algorithm.

In reality though, because MC is currently up to the UA which in practise appears to be implemented as "always expose", doing 2) would basically turn off all finger printing protection from getStats(). But at least the two specs would be consistent.

Please view or discuss this issue at https://github.com/w3c/webrtc-stats/issues/730 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 2 February 2023 10:07:29 UTC