Re: [blink-dev] Intent to Ship: AudioContext.outputLatency

Mon, 15 Nov 2021 08:05:39 -0800 

On 11/15/21 10:56 AM, Hongchan Choi wrote:
On Mon, Nov 15, 2021 at 6:49 AM Mike Taylor <miketa...@chromium.org> wrote: 

    On 11/15/21 1:47 AM, Yoav Weiss wrote:

    On Fri, Nov 12, 2021 at 5:33 PM 'Ajay Rahatekar' via blink-dev
    <blink-dev@chromium.org> wrote:


                TAG review status

        Completed: Web Audio API specification is W3C Recommendation.


                Risks

        There is a risk of the feature being used for fingerprinting.
        However outputLatency is the buffer size of the
        platform-provided audio callback, so the value is inherently
        platform-specific. That said, the majority of the platform
        audio buffer size is widely known. (MacOS = 128 frames,
        Windows = 10ms, Android = 96 frames, etc)


        This featureĀ  does not expose more than what you can
        query/infer from the UA string.


    Would that exposure map cleanly to UA-Platform
    <https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform>,
    which is considered low-entropy and exposed by default? Or would
    it add more than that?

    /cc +Mike Taylor <mailto:miketa...@chromium.org>


    Looking at
    https://www.w3.org/TR/webaudio/#dom-audiocontext-outputlatency, it
    states that it depends on the platform _and_ the hardware output
    device. If I use an app using outputLatency with speaker A, then
    switch to speaker B, will the outputLatency remain the same?



The specification says: If the audio output device is changed the 
outputLatency attribute value will be updated accordingly.


So the answer is no. The value will change accordingly.



If that's the case, then outputLatency can reveal more entropy than just 
platform alone, right? It would be useful to know what this looks like 
in practice, or what mitigations we might be able to apply depending on 
the size of these latency differences.


--
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/96373b88-f220-26ac-a666-4a275e65acf0%40chromium.org.






















					Reply via email to