WebKit currently regenerates device IDs when a page is refreshed, unless the user has granted permission to capture without a prompt. This was done to enhance user privacy because we observed that many sites that don't ever call getUserMedia call enumerateDevices for fingerprinting. This behavior is different from other browsers, which return somewhat stable device IDs, causes problems for existing scripts (e.g. see bug 179220), and makes device IDs essentially useless. To improve the usefulness of device IDs to scripts, while not increasing the usefulness for fingerprinting, enumerateDevices should return stable device IDs once the user has granted permission to capture and return an empty string before that.
<rdar://problem/45699932>
This patch will make device IDs empty until permission to capture has been granted; another patch will make the IDs stable.
Created attachment 353496 [details] Patch
Comment on attachment 353496 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=353496&action=review

> LayoutTests/fast/mediastream/MediaStreamTrack-getCapabilities.html:90
> + .then(stream => mediaStream = stream);

mediaStream = await navigator.mediaDevices.getUserMedia({ audio:true, video:true });

> LayoutTests/fast/mediastream/get-user-media-device-id.html:18
> + assert_true(device.deviceId.length == 0 , "device.deviceId is empty before permission to capture");

Should we go with empty device ids or undefined device ids?
The spec seems to forbid empty device ids as they must be unique.
In terms of breakage, empty string device ids might be a bit better except if used for hashes.
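Review bot: at get-user-media-device-id.html:18, `assert_true(device.deviceId.length == 0 , ...)` checks only a length and does not report the actual value when it fails. `assert_equals(device.deviceId, "", ...)` would pin the result to the empty string and show the offending ID in the failure output, which also makes the empty-versus-undefined choice raised in this review explicit in the test.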
Comment on attachment 353496 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=353496&action=review

>> LayoutTests/fast/mediastream/get-user-media-device-id.html:18
>> + assert_true(device.deviceId.length == 0 , "device.deviceId is empty before permission to capture");
>
> Should we go with empty device ids or undefined device ids?
> The spec seems to forbid empty device ids as they must be unique.
> In terms of breakage, empty string device ids might be a bit better except if used for hashes.

I think empty ids will cause fewer problems for scripts, so let's go with this for now at least.
Created attachment 353501 [details] Patch for landing
(In reply to Eric Carlson from comment #5)
> Comment on attachment 353496 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=353496&action=review
>
> >> LayoutTests/fast/mediastream/get-user-media-device-id.html:18
> >> + assert_true(device.deviceId.length == 0 , "device.deviceId is empty before permission to capture");
> >
> > Should we go with empty device ids or undefined device ids?
> > The spec seems to forbid empty device ids as they must be unique.
> > In terms of breakage, empty string device ids might be a bit better except if used for hashes.
>
> I think empty ids will cause fewer problems for scripts, so let's go with
> this for now at least.

I filed a corresponding issue there: https://github.com/w3c/mediacapture-main/issues/551
Comment on attachment 353501 [details]
Patch for landing

Clearing flags on attachment: 353501

Committed r237643: <https://trac.webkit.org/changeset/237643>
All reviewed patches have been landed. Closing bug.
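The following is an added example, not code from the patch or from WebKit. It shows how a page script can index enumerateDevices() results so that the empty pre-permission device IDs described in this bug never collide as hash keys (the concern raised in review). The function names, the `savedId` parameter and the sample device lists are assumptions constructed for illustration.

```javascript
// Added example (not WebKit code). Device lists below are constructed samples.

// Index enumerateDevices() results for a device picker. An empty deviceId is
// treated as "capture permission not granted yet" and is never used as a map
// key, because every pre-permission device would collide on "".
function indexDevices(devices) {
  const byId = new Map();
  const anonymous = { audioinput: 0, videoinput: 0, audiooutput: 0 };
  for (const d of devices) {
    if (typeof d.deviceId === "string" && d.deviceId.length > 0) {
      byId.set(`${d.kind}:${d.deviceId}`, d); // kind-qualified key
    } else if (d.kind in anonymous) {
      anonymous[d.kind] += 1; // still countable, just not addressable
    }
  }
  return { byId, anonymous, idsAvailable: byId.size > 0 };
}

// Build a getUserMedia constraint for one kind ("audioinput"/"videoinput").
// A saved ID is honoured only when it appears in the current device list.
function constraintFor(index, kind, savedId) {
  if (savedId && index.byId.has(`${kind}:${savedId}`)) {
    return { deviceId: { exact: savedId } };
  }
  return true; // fall back to the browser's default device
}

// Browser-side usage (hypothetical helper): reopen a previously chosen camera.
async function openSavedCamera(savedId) {
  const index = indexDevices(await navigator.mediaDevices.enumerateDevices());
  const video = constraintFor(index, "videoinput", savedId);
  return navigator.mediaDevices.getUserMedia({ video });
}

// Constructed sample: what a page sees before permission is granted ...
const beforeGrant = [
  { kind: "audioinput", deviceId: "" },
  { kind: "videoinput", deviceId: "" },
];
// ... and after a successful getUserMedia() call (IDs are made up).
const afterGrant = [
  { kind: "audioinput", deviceId: "mic-1" },
  { kind: "videoinput", deviceId: "cam-1" },
];
```

Because a stale or unknown saved ID falls back to `true`, the script keeps working whether or not the browser returns the same ID across page loads.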