Re: Security of cross-origin audio

On 31 May 2013 01:15, Harald Alvestrand <> wrote:
> When addressing deliberate tampering, I'm not sure the case for audio is all
> that different from the case for video; video is also subject to copying
> through the "analog hole" much bemoaned by Hollywood DRM advocates - or by
> pointing a camera at the screen.

Yes, DRM doesn't work.  I wasn't talking about that.  I was talking
about the user agent protecting their users.

This might just be a restriction on getUserMedia when tainted output
is present.  That is, if I'm having a secured (peerIdentity
constrained) conversation with Stefan, then cannot - at the
same time - sample my microphone and send that audio for "further
processing".  This might be behavior that the site can opt into with a
constraint, or it might be a consequence of choosing to use
peerIdentity/noaccess constraints.

On the converse, it would be nice to know that the audio that I'm
receiving is both a secured stream from Stefan mixed with some audio
that the site has selected or generated.

Received on Monday, 3 June 2013 16:15:09 UTC