fingerprinting section

w3c · Mar 8, 2019 · e120507 · e120507
1 parent 56f0c20
commit e120507
Showing 1 changed file with 37 additions and 9 deletions.
diff --git a/MediaRecorder.bs b/MediaRecorder.bs
@@ -200,7 +200,7 @@ interface MediaRecorder : EventTarget {
     from this {{MediaRecorder}}, throw a {{SecurityError}} {{DOMException}} and
     abort these steps.</li>
 
-    <li>Set {{state}} to {{recording}}, and run the following steps in parallel:
+    <li>Set {{state}} to {{recording}}, and run the following steps <a>in parallel</a>:
     <ol>
       <li>Start gathering the data into a {{Blob}} <var>blob</var> and queue a
       task, using the DOM manipulation task source, to <a>fire an event</a>
@@ -809,14 +809,35 @@ exhausting the resources.
 
 ## Fingerprinting ## {#fingerprinting}
 
-{{Active fingerprinting}} ...
-
-E.g. a UA might provide use of a certain hardware accelerator on a given
-platform (or generation thereof); this might help code triangulate the
-supporting device via {{isTypeSupported()}}.
-
-UAs should take measures to mitigate this fingerprinting surface increase by
-implementing functional dimensions...
+{{MediaRecorder}} provides information regarding the supported video and audio
+MIME types via the {{isTypeSupported()}} method. It will also select the most
+appropriate codec and bandwidth allocation combination when these are not
+defined in the {{MediaRecorderOptions}}, and make this information available via
+the {{Blob/type}} attribute of the <code>event</code>'s' <code>data</code>
+received in {{ondataavailable}}. It will also try to honour the
+{{MediaRecorderOptions}} if specified.
+
+A malicious website could try to use this information for <a>active
+fingerprinting</a> in a number of ways, e.g. it might try to
+
+- Infer the device and hardware characteristics or determine the operating
+  system vendor and/or version differences by means of identifying the user
+  agent capabilities: a UA might provide use of a certain codec and/or hardware
+  encoding accelerator only on a given platform (or generation thereof), or
+  those might have a resolution/frame rate limit, making it vulnerable to
+  fingerprinting.
+
+- Infer any of the above by statistical measurements of system performance: e.g.
+  the UA might provide different by-default bandwidth allocations depending on
+  the hardware capabilities, or the UA could try measuring the system load when
+  encoding different resolutions of certain input vectors.
+
+The UAs should take measures to mitigate this <a>fingerprinting surface</a>
+increase by e.g. implementing broad support for a given codec or MIME type and
+not making it dependent on e.g. architecture or hardware revisions nor OS/
+version support, to prevent device/hardware characteristics inference through
+browser functionality. The UA should also take steps for making the default
+values that limit the amount and identifiability of the UA capabilities.
 
 # Examples # {#examples}
 
@@ -946,6 +967,13 @@ urlPrefix: https://www.w3.org/TR/mediacapture-streams/#; type: enum-value; text:
 urlPrefix: https://www.w3.org/TR/mediacapture-streams/#; type: enum-value; text: live; url: idl-def-MediaStreamTrackState.live
 </pre>
 
+<pre class="anchors">
+urlPrefix: https://www.w3.org/TR/fingerprinting-guidance/#
+    type: dfn
+        text: active fingerprinting; url: dfn-active-fingerprinting
+        text: fingerprinting surface; url: dfn-fingerprinting-surface
+</pre>
+
 <pre class="link-defaults">
 spec: html
     type: dfn