-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The review of privacy #170
Comments
I thank the editors for what appears to be an excellent fingerprinting analysis. This is exactly the sort of thing I'm looking for in specs. First, the security and privacy considerations for the spec should be split, as documented in the current version of https://w3ctag.github.io/security-questionnaire/. As a general thing, why are we exposing device capabilities to the app for purposes of negotiation? Couldn't we instead have sites expose available media formats and have browsers (perhaps in a way not exposed the application) pick the one they like best? That way a browser wishing to be more privacy preserving could simply make a consistent choice, without having to fake an answer to this API, as recommended in https://w3c.github.io/media-capabilities/#decoding-encoding-fingerprinting. |
I broke each of the line items above, including the ones in my earlier comment, into separate issues. I suggest that the WG close this issue and instead resolve the separate issues. |
HI, sorry for the delay. Thanks for kicking this off, and thanks to @samuelweiler for splitting it up. I think this issue should probably close and I'll respond to the individual issues that were opened. Feel free to re-open this one if you'd like. |
Hi folks!
Thanks for all the works, it's really cool and exciting.
I'm the invited expert of PING.
Here're some questions about the potential privacy concerns:
Question:
Does this mean there's an API will expose the usage of CPU/GPU without users' explicit permission?powerEfficient
field ofMediaCapabilitiesInfo
Question 1:
When thepowerEfficient
is set totrue
, is it possible to expose Battery Status without users' explicit permission?Question 2:
Is it possible to increase the temperature intendedly withpowerEfficient
field?WebRTC
issueThe
MediaDecodingType
hasWebRTC
option that is used to represent a configuration that is meant to be received usingRTCPeerConnection
. However,WebRTC
has known privacy issues: https://wiki.mozilla.org/Media/WebRTC/PrivacyQuestion:
Is it possible to stop the initialization process if theWebRTC
was disabled?Thanks!
The text was updated successfully, but these errors were encountered: