Comments (2)
@avayvod added a privacy and security section.
from remote-playback.
My answers to the questionnaire are below:
- Does this specification deal with personally-identifiable information?
The API generally exposes one bit of information about whether there's a remote
playback device available to the user agent for a particular media element.
Depending on the implementation it is possible to get more information about a
particular device by getting the availability bit for different media resources.
The devices would be discovered on the user's local network.
- Does this specification deal with high-value data?
Generally no. Depending on the remote playback device and the way the media is
remoted, the remote playback device may send a request to fetch the media to the
media server which might contain extra headers with extra data (User-Agent,
authentication cookie, etc).
- Does this specification introduce new state for an origin that persists
across browsing sessions?
No.
- Does this specification expose persistent, cross-origin state to the web?
The availability bit exposed would be the same for any origin and might not
change much for a particular user.
- Does this specification expose any other data to an origin that it doesn’t
currently have access to?
No.
- Does this specification enable new script execution/loading mechanisms?
No.
- Does this specification allow an origin access to a user’s location?
No.
- Does this specification allow an origin access to sensors on a user’s device?
No.
- Does this specification allow an origin access to aspects of a user’s local
computing environment?
It does tell the origin if the user has a remote playback device available,
likely on the local network. It doesn't reveal any specific information about
the device (like it's network IP address or MAC).
- Does this specification allow an origin access to other devices?
Yes. Any remote playback device that the user agent supports and that's
compatible with the media element's resource. The spec requires a user granting
permission to use the device, typically via some UI.
- Does this specification allow an origin some measure of control over a
user agent’s native UI? (showing, hiding, or modifying certain details,
especially if those details are relevant to security)?
The page can request the user agent to show some UI to select or control the
selected remote playback device.
- Does this specification expose temporary identifiers to the web?
No.
- Does this specification distinguish between behavior in first-party and
third-party contexts?
No.
- How should this specification work in the context of a user agent’s
"incognito" mode?
There's no state that would allow the origin to identify the "incognito" mode.
- Does this specification persist data to a user’s local device?
No.
- Does this specification have a "Security Considerations" and "Privacy Considerations" section?
No.
- Does this specification allow downgrading default security characteristics?
It's not restricted in any relevant way so the answer is probably yes.
from remote-playback.
Related Issues (20)
- Adjust notes with normative content HOT 1
- Use [Exposed=Window]
- Add explicit text to define the disableRemotePlayback content attribute
- Restrict the API to Secure Contexts or discuss the decision in Security Considerations HOT 1
- Rephrase normative statement in security and privacy consideration section HOT 1
- Compatibility of Remote Playback API with AirPlay mirroring HOT 2
- [Chrome 64] The RemotePlayback API is disabled on this platform HOT 4
- Chromecast TV not detected HOT 5
- Define remote playback interaction with background playback policies HOT 3
- Explore polyfilling Remote Playback API on top of Presentation API HOT 1
- Support for TTML and IMSC captions HOT 1
- How does remote playback interact with EME? HOT 4
- RemotePlaybackState enum can become misleading when changing media.src HOT 17
- Specify the task source for each task to be enqueued HOT 1
- [meta] Publish Proposed Recommendation HOT 2
- Allow adapting the bitrate to network/receiver constraints when using MSE
- Export terms HOT 2
- A
- render a dummy video/progress bar HOT 1
- example HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from remote-playback.