W3C home > Mailing lists > Public > public-webrtc@w3.org > February 2019

Re: Towards a getUserMedia/enumerateDevices fingerprinting solution

From: Philipp Hancke <fippo@goodadvice.pages.de>
Date: Wed, 27 Feb 2019 08:36:59 +0100
To: public-webrtc@w3.org
Message-ID: <18bfddb5-5a58-64b8-ab4a-159ca7d7482a@goodadvice.pages.de>
Am 07.02.19 um 19:05 schrieb youenn fablet:
> As shown by https://www.chromestatus.com/metrics/feature/timeline/popularity/1119 <https://www.chromestatus.com/metrics/feature/timeline/popularity/1119>, enumerateDevices is probably used for fingerprinting purposes.
> A thread started on GitHub (https://github.com/w3c/mediacapture-main/issues/559 <https://github.com/w3c/mediacapture-main/issues/559>) to tackle this issue.

I took a look at some of the less... suspicious urls in the httparchive 

landrover.it includes
which has a function getCapabilities.
This is a "live customer engagement" vendor which suggests the classic 
"live chat with an agent about the questions you have" use-case.
This use-case has been pitched as one of the things WebRTC enables since 
the early days (https://vimeo.com/47682405 shows it at 2:40, the slide 
is even older).

Typically the option to have a video chat would only be shown if the 
user has a camera and microphone which is the reason for using 
enumerateDevices. Whether this use-case justifies gathering that data 
from *all* website visitors is probably a question for data protection 

I couldn't think of anything edgy with dodocase.com so... its a shop for 
ipad covers and includes
which seems to be some conversion rate optimization tool. It uses 
enumerateDevices to generate fingerprinting information.
The enumerateDevices bit is fairly simple and concatenates deviceIds and 

Received on Wednesday, 27 February 2019 07:37:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:46 UTC