On Monday, May 19, 2014 at 7:43:19 AM UTC-4, Mike Perry wrote: > I just saw > https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/ > and I'm a bit concerned. > > Obviously, it will be simple enough for Tor Browser and other Free/Libre > Firefox derivatives to disable this DRM mechanism, but I'm worried about > the long term effects of giving the web a persistent device identifier > (which that blog post mentions, but I can't find direct reference to in > the EME draft spec). > > It seems to me that a device identifier will quickly be abused by more > than just streaming media sites. What will prevent banking sites, > government sites, and even sites that are simply hostile to privacy from > requiring the receipt of a device id before allowing access to their > content? I've already encountered sites that require me to view a > full-page captive advertisement prior to viewing their content. It does > not seem too much of a stretch for this type of captive advertisement to > use EME to obtain a device identifier as part of this process, too. > > Worse: if this does happen, and a Firefox addon, Tor Browser, or other > Firefox derivative decides to alter the behavior of this device > identifier to bring it fully under user control, will we be violating > the DMCA by creating a 'circumvention device'? > > Have these issues been considered? > > > -- > Mike Perry
I'm _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
