Hi, On Thurday, March 30, 2023 at 3:43:06 PM UTC+3Kaustubha Govind wrote:
Would you be able to expand your Privacy Considerations section to address whether the API is likely to expose any new fingerprinting surfaces? I have added Fingerprinting <https://github.com/riju/backgroundBlur/blob/main/explainer.md#fingerprinting> subsection to our Privacy Considerations section. Particularly; I am interested in understanding: 1. Whether there is additional information about the platform (e.g. OS version) that can be gleaned by querying whether the platform supports background blurring. Note that with the User Agent Reduction <https://developer.chrome.com/en/docs/privacy-sandbox/user-agent/> work, we are attempting to limit default access to some of this platform identifying information. In short, there isn't but see the linked Fingerprinting subsection for detailed analysis. 1. How stable do we expect the blur to be across hardware configurations? It would be unfortunate if this turned into a problem similar to Canvas Fingerprinting. In Canvas Fingerprinting, sites can draw to a canvas (the source) as they like and fingerprint the result which may be a bit different on different platforms and platform versions. I assume that you refer to this (lack of) stable result here. This is really not an issue with background blur. In the case of the getUserMedia tracks, the sites has access to tracks which may have background blur in effect and may allow background blur to be disabled/enabled and to the resulting frames. However, sites have no control on the source (what's in the field-of-view of a camera) so it is not possible to reprocess the same frames on different platforms and platform versions and to compare the results. Perhaps one mitigation here is that the capability is gated behind the getUserMedia() permission; which limits drive-by fingerprinting? That is the main gate but see the linked Fingerprinting subsection for detailed analysis. BR, Eero -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/30abe916-ec06-4983-b994-d66a6dc59459n%40chromium.org.
