Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mention enumerateDevices fingerprinting mitigation pre-capture #758

Merged
merged 3 commits into from
Dec 17, 2020
Merged

Mention enumerateDevices fingerprinting mitigation pre-capture #758

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
19645a6
Mention enumerateDevices fingerprinting mitigation pre-capture
youennf Dec 17, 2020
d9cb423
Update getusermedia.html
jan-ivar Dec 17, 2020
d18acdd
Update getusermedia.html
jan-ivar Dec 17, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions getusermedia.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2864,8 +2864,15 @@ <h2>Methods</h2>
information across browsing sessions and origins via the availability
of media capture devices, it adds to the
fingerprinting surface exposed by the User Agent.</p>
<p class="fingerprint">Once authorization has been granted to one
of the capture devices, it provides additional persistent
<p class="fingerprint">As long as the [=environment settings
object/responsible document=] did not capture, this method will
limit exposure to two bits of information: whether there is a camera
and whether there is a microphone. A User Agent MAY mitigate this by
jan-ivar marked this conversation as resolved.
Show resolved Hide resolved
pretending the system has a camera and a microphone, for instance until the
[=environment settings object/responsible document=] calls
{{MediaDevices/getUserMedia()}} with constraints deemed valid.</p>
jan-ivar marked this conversation as resolved.
Show resolved Hide resolved
<p class="fingerprint">After the [=environment settings object/responsible document=]
started capture, it provides additional persistent
cross-origin information via the list of all media capture devices,
including their grouping and human readable labels associated
with the capture devices, which further adds to the
Expand All @@ -2877,7 +2884,7 @@ <h2>Methods</h2>
<section>
<h2>Access control model</h2>
<p>The algorithm described above means that the access to media device
information depends on whether or not the browsing context did capture.</p>
information depends on whether or not the [=environment settings object/responsible document=] did capture.</p>
<p>For camera and microphone devices, if the browsing context did not capture
(i.e. {{MediaDevices/getUserMedia()}} was not called or never resolved successfully), the
{{MediaDeviceInfo}} object will contain a valid value for {{MediaDeviceInfo/kind}} but empty strings
Expand Down