W3C home > Mailing lists > Public > public-webrtc@w3.org > February 2015

Re: [rtcweb] ICE exposes 'real' local IP to javascript

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 06 Feb 2015 15:39:29 +0100
To: Harald Alvestrand <harald@alvestrand.no>
Cc: public-webrtc@w3.org
Message-ID: <53j9da5qgrffeq11kmei6dsv0infi8agbv@hive.bjoern.hoehrmann.de>
* Harald Alvestrand wrote:
>I don't think we're communicating....
>you say:
>"saying that it is not to be used for other purposes in the specification."
>I assume that the specification is the one that says this, and "it"
>refers to IP address information.
>Who would we (as specification writers) place this obligation upon?
>Browser implementors?
>Web page writers?
>Some yet unnamed third party?

It would be in the API specification and apply to users of the API. I do
not think it is useful to get hung up on this one example, but since you

>As an example of requiring the Web page developers to behave a certain
>way: At the moment the European Commission's ruling (which has
>considerably more legal force behind it than standards specifications)
>is that Web site managers have to notify their users that they use
>cookies. How effective is that requirement in stopping the use of
>cookies for nefarious purposes?

That does not limit use of cookies for anything. A better example would
be corporations trying to work around browser features to disable third
party cookies or users deleting cookies, where it's clear they are doing
something contrary to the intent of certain features. To give an old and
a recent example:

Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 
Received on Friday, 6 February 2015 14:40:03 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:43 UTC