WebKit Bugzilla
RESOLVED FIXED
191112
[MediaStream] Don't reveal device IDs until the user has granted permission to capture
https://bugs.webkit.org/show_bug.cgi?id=191112
Eric Carlson
Reported
2018-10-31 07:44:01 PDT
WebKit currently regenerates device IDs when a page is refreshed, unless the user has granted permission to capture without a prompt. This was done to enhance user privacy because we observed that many sites that don't ever call getUserMedia call enumerateDevices for fingerprinting. This behavior is different from other browsers, which return somewhat stable device IDs, causes problems for existing scripts (e.g. see bug 179220), and makes device IDs essentially useless. To improve the usefulness of device IDs to scripts, while not increasing the usefulness for fingerprinting, enumerateDevices should return stable device IDs once the user has granted permission to capture and return an empty string before that.
Attachments
Patch (8.76 KB, patch), 2018-10-31 08:41 PDT, Eric Carlson, no flags
Patch for landing (8.71 KB, patch), 2018-10-31 10:00 PDT, Eric Carlson, no flags
Radar WebKit Bug Importer
Comment 1
2018-10-31 08:02:25 PDT
<rdar://problem/45699932>
Eric Carlson
Comment 2
2018-10-31 08:41:33 PDT
This patch will make device IDs empty until permission to capture has been granted; another patch will make the IDs stable.
Eric Carlson
Comment 3
2018-10-31 08:41:50 PDT
Created attachment 353496: Patch
youenn fablet
Comment 4
2018-10-31 08:54:43 PDT
Comment on attachment 353496: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=353496&action=review
> LayoutTests/fast/mediastream/MediaStreamTrack-getCapabilities.html:90
> + .then(stream => mediaStream = stream);
mediaStream = await navigator.mediaDevices.getUserMedia({ audio:true, video:true });
> LayoutTests/fast/mediastream/get-user-media-device-id.html:18
> + assert_true(device.deviceId.length == 0 , "device.deviceId is empty before permission to capture");
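Review bot: at get-user-media-device-id.html:18 the check assert_true(device.deviceId.length == 0 , ...) only reports a boolean when it fails, and if deviceId were ever undefined the .length access would throw a TypeError instead of producing an assertion failure. Consider assert_equals(device.deviceId, "", "device.deviceId is empty before permission to capture"), which pins the value to the empty string and prints the actual ID when the test fails.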
Should we go with empty device ids or undefined device ids? The spec seems to forbid empty device ids as they must be unique. In terms of breakage, empty string device ids might be a bit better except if used for hashes.
Eric Carlson
Comment 5
2018-10-31 09:46:43 PDT
Comment on attachment 353496: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=353496&action=review
>> LayoutTests/fast/mediastream/get-user-media-device-id.html:18
>> + assert_true(device.deviceId.length == 0 , "device.deviceId is empty before permission to capture");
>
> Should we go with empty device ids or undefined device ids?
> The spec seems to forbid empty device ids as they must be unique.
> In terms of breakage, empty string device ids might be a bit better except if used for hashes.
I think empty ids will cause fewer problems for scripts, so let's go with this for now at least.
Eric Carlson
Comment 6
2018-10-31 10:00:49 PDT
Created attachment 353501: Patch for landing
youenn fablet
Comment 7
2018-10-31 10:17:44 PDT
(In reply to Eric Carlson from comment #5)
> Comment on attachment 353496 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=353496&action=review
>
> >> LayoutTests/fast/mediastream/get-user-media-device-id.html:18
> >> + assert_true(device.deviceId.length == 0 , "device.deviceId is empty before permission to capture");
> >
> > Should we go with empty device ids or undefined device ids?
> > The spec seems to forbid empty device ids as they must be unique.
> > In terms of breakage, empty string device ids might be a bit better except if used for hashes.
>
> I think empty ids will cause fewer problems for scripts, so lets go with
> this for now at least.
I filed a corresponding issue there: https://github.com/w3c/mediacapture-main/issues/551
WebKit Commit Bot
Comment 8
2018-10-31 10:26:58 PDT
Comment on attachment 353501: Patch for landing

Clearing flags on attachment: 353501

Committed r237643: <https://trac.webkit.org/changeset/237643>
WebKit Commit Bot
Comment 9
2018-10-31 10:27:00 PDT
All reviewed patches have been landed. Closing bug.
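
An added example, not part of this bug thread and not WebKit code: one way a page script can cope with the behaviour described in the report, where enumerateDevices returns empty device IDs until capture permission is granted, including the keying problem raised in comment 4. The sample device lists, the ID values and all function names are assumptions constructed for illustration.

```javascript
// Added example (not WebKit code). Objects mimic MediaDeviceInfo; samples are constructed.
const SAMPLE_BEFORE = [ // enumerateDevices() before capture permission: IDs are ""
  { kind: "audioinput", deviceId: "", label: "" },
  { kind: "videoinput", deviceId: "", label: "" },
  { kind: "videoinput", deviceId: "", label: "" },
];
const SAMPLE_AFTER = [ // after permission (ID values are made up)
  { kind: "audioinput", deviceId: "mic-1", label: "Mic" },
  { kind: "videoinput", deviceId: "cam-1", label: "Front" },
  { kind: "videoinput", deviceId: "cam-2", label: "Back" },
];

// For contrast: keying on deviceId collapses all empty-ID devices into one entry.
function naiveIndex(devices) {
  return new Map(devices.map(d => [d.deviceId, d]));
}

// Index capture devices without trusting deviceId while it is withheld.
function indexDevices(devices) {
  const inputs = devices.filter(d => d.kind === "audioinput" || d.kind === "videoinput");
  const idsWithheld = inputs.length > 0 && inputs.every(d => d.deviceId === "");
  const byId = new Map();
  const countByKind = {};
  for (const d of inputs) {
    countByKind[d.kind] = (countByKind[d.kind] || 0) + 1;
    if (d.deviceId !== "") byId.set(d.deviceId, d); // never use "" as a key
  }
  return { idsWithheld, countByKind, byId };
}

// Use a saved ID only when IDs are exposed and that camera is still present.
function videoConstraint(index, savedId) {
  const saved = savedId ? index.byId.get(savedId) : undefined;
  if (index.idsWithheld || !saved || saved.kind !== "videoinput") return true;
  return { deviceId: { exact: savedId } };
}

// Page-side flow; pass navigator.mediaDevices in a browser.
async function openCamera(mediaDevices, savedId) {
  let index = indexDevices(await mediaDevices.enumerateDevices());
  let stream = await mediaDevices.getUserMedia({ video: videoConstraint(index, savedId) });
  if (index.idsWithheld) {
    index = indexDevices(await mediaDevices.enumerateDevices()); // IDs now populated
    if (videoConstraint(index, savedId) !== true) {
      stream.getTracks().forEach(t => t.stop()); // swap the default camera for the saved one
      stream = await mediaDevices.getUserMedia({ video: videoConstraint(index, savedId) });
    }
  }
  return { stream, index };
}
```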