Re: Towards a getUserMedia/enumerateDevices fingerprinting solution

Am 07.02.19 um 19:05 schrieb youenn fablet:
> As shown by https://www.chromestatus.com/metrics/feature/timeline/popularity/1119 <https://www.chromestatus.com/metrics/feature/timeline/popularity/1119>, enumerateDevices is probably used for fingerprinting purposes.
> A thread started on GitHub (https://github.com/w3c/mediacapture-main/issues/559 <https://github.com/w3c/mediacapture-main/issues/559>) to tackle this issue.

I took a look at some of the less... suspicious urls in the httparchive 
list.

landrover.it includes
   https://static.vee24.com/v24/veedesk/v24Embedded.js
which has a function getCapabilities.
This is a "live customer engagement" vendor which suggests the classic 
"live chat with an agent about the questions you have" use-case.
This use-case has been pitched as one of the things WebRTC enables since 
the early days (https://vimeo.com/47682405 shows it at 2:40, the slide 
is even older).

Typically the option to have a video chat would only be shown if the 
user has a camera and microphone which is the reason for using 
enumerateDevices. Whether this use-case justifies gathering that data 
from *all* website visitors is probably a question for data protection 
agencies.


I couldn't think of anything edgy with dodocase.com so... its a shop for 
ipad covers and includes
   https://cdn.justuno.com/mwgt_4.1.js?v=1.96
which seems to be some conversion rate optimization tool. It uses 
enumerateDevices to generate fingerprinting information.
The enumerateDevices bit is fairly simple and concatenates deviceIds and 
kind.

\_(ʘ_ʘ)_/

Received on Wednesday, 27 February 2019 07:37:29 UTC