[mediacapture-main] Distinguish audible from ultrasonic sound in privacy and maybe permission model (#1065) from Jeffrey Yasskin via GitHub on 2026-05-14 (public-webrtc@w3.org from May 2026)

From: Jeffrey Yasskin via GitHub <noreply@w3.org>
Date: Thu, 14 May 2026 18:16:38 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-4448234409-1778782596-noreply@w3.org>

jyasskin has just created a new issue for https://github.com/w3c/mediacapture-main:

== Distinguish audible from ultrasonic sound in privacy and maybe permission model ==
The [privacy considerations](https://w3c.github.io/mediacapture-main/#privacy-and-security-considerations) currently mention

> once access to an audio stream is obtained, that stream can most likely be used to fingerprint user location down to the level of a room or even simultaneous occupation of a room by disparate users (e.g. via analysis of ambient audio or of unique audio purposely played out of the device speaker).

This sort of identification threatens ["User agents should prevent people from being recognized across partitions unless they intend to be recognized."](https://www.w3.org/TR/privacy-principles/#user-agent-recognition:~:text=User%20agents%20should%20prevent%20people%20from%20being%20recognized%20across%20partitions%20unless%20they%20intend%20to%20be%20recognized.) (from the W3C Privacy Principles) when one user has two devices on which they'd like to have separate identities.

With audible sound, these users have a chance of noticing that their devices are playing an identifying sound, which creates a disincentive for abusing this channel. That's probably the best we can do without irreparably damaging this API's use cases. With ultrasonic sound, there is no such perceptible signal, which eliminates the disincentive.

Some sites currently use this kind of ultrasonic signal in strongly user-serving ways. I'm aware of one that asks "are you in this video-conference room?" so that users can easily put their name in the right room. These sites have computed information the user might prefer they not have, but that doesn't mean they're storing or using the information before learning the user's intent. Any changes in this API (e.g. filtering out inaudible frequencies unless the site has asked for them specifically) should preserve this sort of use case, while hopefully making users more aware of when it's happening, so the users can make an intentional decision about whether to trust the sites.

Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/1065 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 14 May 2026 18:16:39 UTC