Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Privacy] Adds notes clarifying behavior to address privacy review. #83

Merged
merged 15 commits into from
Jun 16, 2017
Merged

[Privacy] Adds notes clarifying behavior to address privacy review. #83

Changes from 10 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
c216df3
Address issue #64
markafoltz May 4, 2017
9784000
Minor edit.
markafoltz May 4, 2017
e481983
Add note ordering availaiblity callbacks and disconnect event.
markafoltz May 4, 2017
78ab1fb
Drops step 9 in prompt().
markafoltz May 4, 2017
a315df9
Updates to address privacy issues
markafoltz May 9, 2017
3d75dcf
Merge remote-tracking branch 'upstream/gh-pages' into gh-pages
markafoltz May 9, 2017
5712cad
Merge branch 'gh-pages' into privacy-updates
markafoltz May 9, 2017
dadfa16
Delete whitespace
markafoltz May 9, 2017
988f2c8
Address comments by @avayvod
markafoltz May 9, 2017
bfe390b
Additional changes for @avayvod
markafoltz May 9, 2017
09ae067
Drop sentence describing monitoring behavior.
markafoltz May 9, 2017
a17a7c4
Remove callbackId example
markafoltz May 10, 2017
89be354
Merge remote-tracking branch 'upstream/gh-pages' into gh-pages
markafoltz Jun 13, 2017
b4afe7d
Merge branch 'gh-pages' into privacy-updates
markafoltz Jun 13, 2017
ccca18a
Drop mention of disabling remote playback. Reword other sentences.
markafoltz Jun 13, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 25 additions & 6 deletions index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -620,10 +620,11 @@ <h5>
"https://github.com/w3c/remote-playback/blob/gh-pages/use-cases.md#power-saving-friendly">
power saving non-functional requirement</a>. For example, the
<a>user agent</a> MAY not run the monitoring algorithm when the
<a>global set of availability callbacks</a> is empty or each page
that has <a data-lt="media element">media elements</a> with
non-empty <a>set of availability callbacks</a> is not in the
foreground.
<a>global set of availability callbacks</a> is empty, when every
page that has <a data-lt="media element">media elements</a> with
non-empty <a>set of availability callbacks</a> is in the
background, or when the user has <a data-lt="disable remote
playback">disabled remote playback</a> on all media elements.
</p>
<p>
Some <a>remote playback devices</a> may only be able to play a
Expand Down Expand Up @@ -759,6 +760,14 @@ <h5>
</ol>
</li>
</ol>
<div class="note">
To avoid leaking information that could fingerprint the user, the
user agent SHOULD assign the <var>callbackId</var> based on the
identity of the <a>media element</a> alone, and not the identity
of the browser profile or any <a>remote playback device</a>. For
example, the user agent could base the <var>callbackId</var> on
the timestamp the <a>media element</a> was created.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I think this example implies the callback ids must be unique across all the media elements within a browser session which is not true. They only must be unique for each media element alone. An example is a counter in the media element's scope, that's set to 0 when the media element is created and is incremented each time its value is returned by watchAvailability() for this particular element as the callback id.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That seems inconvenient if a page is watching availability on multiple elements and wants to keep the callbacks in a Map or otherwise track the set of callbacks by id.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair point. It might be more likely having one callback per many elements compared to many callbacks for a single element. The spec doesn't guarantee any cross-element uniqueness of the ids at the moment though.

@jernoble @mounirlamouri WDYT?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like this requires discussion in a separate issue. I'll remove the example from this PR and suggest it separately.

</div>
</section>
<section>
<h5>
Expand Down Expand Up @@ -1341,7 +1350,8 @@ <h4>
<p>
When the <a data-link-for=
'HTMLMediaElement'>disableRemotePlayback</a> attribute is added to
the <a>media element</a>, the user agent MUST run these steps:
the <a>media element</a>, the user agent MUST run the steps
to <dfn>disable remote playback</dfn>:
</p>
<ol>
<li>Reject any pending promises returned by the
Expand Down Expand Up @@ -1377,7 +1387,8 @@ <h3>
area network. This could be used in conjunction with other
information for fingerprinting the user. However, this information is
also dependent on the user's local network context, so the risk is
minimized.
minimized. Also, by design, the human readable name of a <a>remote
playback device</a> is not revealed to the page.
</p>
<p>
The API enables <a href=
Expand All @@ -1391,6 +1402,14 @@ <h3>
used to probe information about which <a>remote playback device</a>
the user has without user consent.
</p>
<p>
The user agent MAY stop <a data-lt="monitor the list of available
remote playback devices"> monitoring the list of available remote
playback devices</a> at any time if the user disables remote playback
(for example, through a browser setting). In this state, pages will
receive no further information about the availability of <a>remote
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In such a scary (to web authors) scenario I think firing the callbacks with availability set to false if needed would be nice.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the normative part of the spec should then describe the behavior of stop monitoring the list of remote playback devices. I'll drop the last sentence and file this as an enhancement.

playback devices</a>.
</p>
</section>
<section>
<h3>
Expand Down