Hi all, Thanks for your work on this feature!
Would you be able to expand your Privacy Considerations section to address whether the API is likely to expose any new fingerprinting surfaces? Particularly; I am interested in understanding: 1. Whether there is additional information about the platform (e.g. OS version) that can be gleaned by querying whether the platform supports background blurring. Note that with the User Agent Reduction <https://developer.chrome.com/en/docs/privacy-sandbox/user-agent/> work, we are attempting to limit default access to some of this platform identifying information. 2. How stable do we expect the blur to be across hardware configurations? It would be unfortunate if this turned into a problem similar to Canvas Fingerprinting. Perhaps one mitigation here is that the capability is gated behind the getUserMedia() permission; which limits drive-by fingerprinting? I would appreciate a brief analysis of whether or not any fingerprinting risks exist; and if yes, how those risks can be mitigated by the implementation. Thank you! Kaustubha On Wednesday, March 29, 2023 at 9:31:46 AM UTC-4 [email protected] wrote: > Hi Arthur, > > On Tuesday, March 28, 2023 at 11:13:45 AM UTC+3 [email protected] wrote: > > Hi Bhaumik, > There was one question left unanswered in the I2P thread from the security > review, so I'm reposting it here: > > "This is my understanding, let me know if that's correct: > Background blur is applied by request or constraint. In the > first implementation only stream sources like cameras obtained by > GetUserMedia support blurring. This is completely unidirectional, from the > device to the platform. Getting a stream from another source such as > CanvasCaptureMediaStreamTrack will simply not support the capability. > Therefore there is no way to send custom crafted bits into the native APIs, > and in general no content from the internet flows into the native APIs." > > Is that accurate? > > > Yes, that's accurate. > I also updated the Explainer Security considerations > <https://github.com/riju/backgroundBlur/blob/main/explainer.md#security-considerations> > > sections to describe this. > > BR, > Eero > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/fdbc2acf-45f3-4751-bbdf-e36dcf2a64a3n%40chromium.org.
