Yay! Thank you for this work. On Tue, Aug 22, 2023 at 8:48 PM Jan-Ivar Bruaroey <[email protected]> wrote: > > In Firefox 119 or 120 we intend to flip a pref to limit camera and microphone > information ahead of active access. > > Summary: navigator.mediaDevices.enumerateDevices() is called by ~7% of the > web, a magnitude larger than the expected legitimate use of ~0.2%, the rest > are trackers (2, 3). The API allows websites unprompted access to information > about a user's cameras and microphones, which is a fingerprinting surface. > > Early versions of the spec revealed the number of devices to all sites, and > for full access to device labels, it only required a site to have had camera > or microphone permission persisted to it in the past, something two major > browsers grant automatically after just a single use (post COVID-19, this is > a LOT of users). > > A review by the Privacy Interest Group (PING) in 2020 tightened the spec (1) > to only reveal absence of camera or microphone to all sites, and to require > active camera and microphone access (not just permission) for anything else. > > Privacy being a core Mozilla principle, we intend to ship this update to the > spec. > > Bug: https://bugzil.la/1528042 > > Standard: > > https://www.w3.org/TR/mediacapture-streams/#idl-def-mediadevices-enumeratedevices > https://chromestatus.com/metrics/feature/timeline/popularity/1119 > https://chromestatus.com/metrics/feature/timeline/popularity/1402 > > Platform Coverage: All platforms. > > Preference: We intend to flip our pref media.devices.enumerate.legacy.enabled > to false by default to limit device information. > > Other Browsers: > > Webkit: has shipped this updated spec since ~14 > Blink: https://crbug.com/1101860 > > Web-platform-tests: > > https://wpt.fyi/results/mediacapture-streams/MediaDevices-enumerateDevices-persistent-permission.https.html > > Note the linked test fails for infra reasons and lack of permission > automation in gecko, but passes in Mozilla's own CI, and in local builds > using mach wpt > > Web compatibility > > The new behavior should match Safari. But the pref is already available in > Firefox release, so please flip it in about:config to test the difference in > your video conferencing app today, so it won't break in the next version of > Firefox! — Or if you're just curious, in this test page: > https://jan-ivar.github.io/dummy/enumerate.html > > This also fixes a device label leak that some video conferencing sites were > misusing to detect permission in Firefox. Please see our Intent to ship > "camera" & "microphone" in permissions.query() for a better solution to this. > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/c3ffb784-d50c-4007-a096-10a02d0f0ab0n%40mozilla.org.
-- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CADua4_s3q%3DQnFTpuS7SZeESQufbv%3DMt9SxMsXcLy8P4Yrv%3Dc9A%40mail.gmail.com.
