----- Forwarded message from krissyhenley9@gmail.com ----- From: krissyhenley9@gmail.com To: dev-privacy@lists.mozilla.org Date: Wed, 12 Feb 2020 03:03:43 -0800 (PST) Subject: Re: Did W3C EME just criminalize privacy? User-Agent: G2/1.0 List-Id: Privacy related development topics <dev-privacy.lists.mozilla.org> On Monday, May 19, 2014 at 7:43:19 AM UTC-4, Mike Perry wrote:
I just saw https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/ and I'm a bit concerned.
Obviously, it will be simple enough for Tor Browser and other Free/Libre Firefox derivatives to disable this DRM mechanism, but I'm worried about the long term effects of giving the web a persistent device identifier (which that blog post mentions, but I can't find direct reference to in the EME draft spec).
It seems to me that a device identifier will quickly be abused by more than just streaming media sites. What will prevent banking sites, government sites, and even sites that are simply hostile to privacy from requiring the receipt of a device id before allowing access to their content? I've already encountered sites that require me to view a full-page captive advertisement prior to viewing their content. It does not seem too much of a stretch for this type of captive advertisement to use EME to obtain a device identifier as part of this process, too.
Worse: if this does happen, and a Firefox addon, Tor Browser, or other Firefox derivative decides to alter the behavior of this device identifier to bring it fully under user control, will we be violating the DMCA by creating a 'circumvention device'?
Have these issues been considered?
-- Mike Perry
I'm _______________________________________________ dev-privacy mailing list dev-privacy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-privacy ----- End forwarded message -----