- From: Pete Snyder <psnyder@brave.com>
- Date: Mon, 15 Jul 2019 11:30:57 -0700
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Hello PING folks,
I wanted to re-raise a concern that was briefly discussed during the last PING call, and which has been discussed a bit more over PING Slack.
The Media Capture and Streams spec is looking to move to a call for implementations. I have serious concerns with the proposal, for two main reasons.
1) The group has not addressed concerns PING brought up last time PING reviewed the spec (e.g. double-keying, [1] vs [2], despite commitments to do so)
2) The standard requires the browser to generate a unique, persistent identifier, and share it with the page, which, is (i) definitely privacy harming, and (ii) appears to not be needed to deliver the needed functionality (see the conversation on this issue [3])
These concerns are serious, and the standard moving forward as is would be extremely difficult to remediate (privacy wise) as is. I want to strongly encourage others to add to the issue [3] (or open related issues, if they have distinct concerns) and make it clear that the standard should not move forward as is.
Refs
---
[1]: https://www.w3.org/2016/03/getusermedia-wide-review.html#ping
[2]: https://w3c.github.io/mediacapture-main/getusermedia.html#device-info
[3]: https://github.com/w3c/mediacapture-main/issues/607
Pete Snyder
{pes,psnyder}@brave.com
Brave Software
Privacy Researcher
Received on Monday, 15 July 2019 18:31:21 UTC