The review of privacy #170

Closed
NalaGinrut opened this issue Mar 15, 2021 · 3 comments
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.

Comments

@NalaGinrut
Member

NalaGinrut commented Mar 15, 2021

Hi folks!
Thanks for all the work, it's really cool and exciting.
I'm the invited expert of PING.
Here are some questions about the potential privacy concerns:

  1. About the CPU/GPU usage query

     > Real time feedback about the playback so an adaptative streaming can alter the quality of the content based on actual user perceived quality. Such information will allow websites to react to a pick of CPU/GPU usage in real time.

     Question: Does this mean there's an API that will expose the usage of CPU/GPU without users' explicit permission?

  2. About the powerEfficient field of MediaCapabilitiesInfo

     > A MediaCapabilitiesInfo has associated supported, smooth, powerEfficient fields which are booleans.
     > Authors can use powerEfficient in concordance with the Battery Status API [battery-status] in order to determine whether the media they would like to play is appropriate for the user configuration. It is worth noting that even when a device is not power constrained, high power usage has side effects such as increasing the temperature or the fans noise.

     Question 1: When the powerEfficient is set to true, is it possible to expose Battery Status without users' explicit permission?
     Question 2: Is it possible to increase the temperature intentionally with the powerEfficient field?

  3. The WebRTC issue

     The MediaDecodingType has a WebRTC option that is used to represent a configuration that is meant to be received using RTCPeerConnection. However, WebRTC has known privacy issues: https://wiki.mozilla.org/Media/WebRTC/Privacy

     Question: Is it possible to stop the initialization process if WebRTC was disabled?

Thanks!

@samuelweiler
Member

I thank the editors for what appears to be an excellent fingerprinting analysis. This is exactly the sort of thing I'm looking for in specs.

First, the security and privacy considerations for the spec should be split, as documented in the current version of https://w3ctag.github.io/security-questionnaire/.

As a general thing, why are we exposing device capabilities to the app for purposes of negotiation? Couldn't we instead have sites expose available media formats and have browsers (perhaps in a way not exposed to the application) pick the one they like best? That way a browser wishing to be more privacy preserving could simply make a consistent choice, without having to fake an answer to this API, as recommended in https://w3c.github.io/media-capabilities/#decoding-encoding-fingerprinting.

@samuelweiler
Member

I broke each of the line items above, including the ones in my earlier comment, into separate issues. I suggest that the WG close this issue and instead resolve the separate issues.

@samuelweiler samuelweiler added the privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. label Mar 19, 2021
@chcunningham
Contributor

Hi, sorry for the delay. Thanks for kicking this off, and thanks to @samuelweiler for splitting it up. I think this issue should probably close and I'll respond to the individual issues that were opened. Feel free to re-open this one if you'd like.

@chrisn chrisn mentioned this issue Aug 27, 2024