Closed nyancat18 closed 7 years ago
offer normal webvr features (whitenoised)
Yeah, because reporting invalid HMD position/rotation in VR is such a great idea. You can't "subtly break" this one without inherently breaking just about anything actually using WebVR.
@DragoonAethis
Or use it via CTP (click to play)
Inox generates an alert (this site requires webvr)...please enable it
i've modified it (a tor browser idea about canvas fingerprint)
Has anyone a code snippet or resource to test against Remote Playback or WebVR API. I think this needs more time to evaluate.
RemotePlayback should be asking for permissions if a device is accessed:
7.3 Device access: [...] The Remote Playback API requires user permission for a page to access any display to mitigate issues that could arise, such as showing unwanted content on a display viewable by others. [...]
however:
7.1 Personally identifiable information: Firing the callback provided via the watchAvailability() method reveals one bit of information about the presence (or non-presence) of a remote playback device typically discovered through the local area network. This could be used in conjunction with other information for fingerprinting the user. However, this information is also dependent on the user's local network context, so the risk is minimized.
Maybe this should be blocked on an extension level via adblocker.
For the ImageCapture and WebVR API we have to check how inox is affected to OriginTrials.
New year, new chromium, new issues.
i give you a full report about new warnings (chromium)
webcam full access (better than webrtc) https://developers.google.com/web/updates/2016/12/imagecapture when was added: https://blog.chromium.org/2016/12/introducing-webvr-api-in-chrome-for.html
recomended: test if leaks ip, if leaks, disable it (just like webrtc), if dpesnt leak, put the warning at README (just like torify inox): put tape at webcam (laptop) or disconnect it (pc)
IOT control, [Direct access to IOT devices] https://w3c.github.io/remote-playback/ recomended: disable it (just like webrtc)
WebVR (WebGL2)
https://blog.chromium.org/2016/12/introducing-webvr-api-in-chrome-for.html
recomended way
easy way: disable webvr (forever/until the hard way is created), as US-CERT recomended qith webgl (lesser poweful)
www.us-cert.gov/current/index.html#web_users_warned_to_turn
hard way: use it via CTP (you MUST make click to enable), like Tor Browser
CTP = Click to play thanks and best regards for this new year