Towards a getUserMedia/enumerateDevices fingerprinting solution

As shown by https://www.chromestatus.com/metrics/feature/timeline/popularity/1119 <https://www.chromestatus.com/metrics/feature/timeline/popularity/1119>, enumerateDevices is probably used for fingerprinting purposes.
A thread started on GitHub (https://github.com/w3c/mediacapture-main/issues/559 <https://github.com/w3c/mediacapture-main/issues/559>) to tackle this issue.

The editors are seeking feedback on the following assumptions.

1. It is assumed that:
- Leaking any fingerprinting information silently through enumerateDevices is an issue.
- Leaking any fingerprinting information silently through getUserMedia is an issue.
- Leaking some fingerprinting information after a getUserMedia prompt is ok, even if user denied access.
- Leaking all capture device information is ok if a web page is granted capture access.

2. enumerateDevices is widely used to implement capture device pickers.
Capture device pickers are usually showing previews of the capture device.
It is assumed that:
- In regular flows, enumerateDevices is called after getUserMedia access is granted.

3. enumerateDevices may be used to check for microphone/camera existence
If no microphone or camera is exposed in enumerateDevices, web sites might not call getUserMedia at all.
Web sites can discover that capture devices are missing by checking for NotFoundError in case of getUserMedia promise rejection.
It is assumed that:
- Getting capture device presence through getUserMedia is good enough so that enumerateDevices might not be required to always accurately provide this information.

Any feedback most welcome,
	Y

Received on Thursday, 7 February 2019 18:05:59 UTC