-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EME Extension: HDCP Policy Check #243
Comments
w3ctag/design-reviews#323 might have a few useful thoughts here. |
How much will the results of this API vary between Firefox users, and what would cause the variation? |
Hmm. This API has become worse for fingerprinting since I last paid attention: Instead of exposing a boolean, there are now more outcomes. The explainer shows 10 distinct outcomes of which Firefox and Chromium presently know about 9. The source of variation would be the combination of operating system, GPU driver(s), GPU(s), and screen(s). One might argue that WebGL already exposes a hopeless number of fingerprinting bits that correlate with these. In the WICG issue, it's said: "Several open-access license servers exist for the purposes of testing and integration, and their CORS headers allow access from "*". So this becomes all sites running in a secure context. Any HTTPS-hosted site can do a license exchange with these open license servers." So this means that even without this API, these fingerprinting bits are available to the Web, but this API makes the bits available with less effort and with out a (potentially detectable and blockable) HTTP round trip to an open-access license server. I'll ping you off-GitHub about reducing the fingerprinting bits. |
Request for Mozilla Position on an Emerging Web Specification
Other information
This check is currently implemented in Gecko, but is behind a pref. I'm seeking more input on what we'd like to see before exposing the functionality without a pref being set.
The text was updated successfully, but these errors were encountered: