This issue is coming from discussions at TPAC 2019 during the Media WG F2F (minutes)
The conclusion of the discussions was to add language in the spec about privacy implications. This may mean adding a Privacy & Security Consideration section (if not already there) that mentions the fingerprinting concerns. We are talking about something that requires CDM access and often permissions, it's not a high fingerprinting source. Furthermore, the spec should offer a way out for browsers that decide to not expose this information. Ideas suggested were to reject the promised, lie (with a default value that the spec would offer), or have a "unknown" value.
mounirlamouri
commented
4 years ago
This issue is coming from discussions at TPAC 2019 during the Media WG F2F (minutes)
The conclusion of the discussions was to add language in the spec about privacy implications. This may mean adding a Privacy & Security Consideration section (if not already there) that mentions the fingerprinting concerns. We are talking about something that requires CDM access and often permissions, it's not a high fingerprinting source. Furthermore, the spec should offer a way out for browsers that decide to not expose this information. Ideas suggested were to reject the promised, lie (with a default value that the spec would offer), or have a "unknown" value.