+ An alternative design approach in which sites expose the available media + formats and browsers evaluate these against capabilities, returning only + the chosen format was considered. However, this would not in fact offer + a privacy benefit since sites could use the API repeatedly to obtain the + complete capability set. Stringent rate limiting of the API could interfere + with normal site behaviors such as speculative preparation across multiple + playback items. +
If an implementation wishes to implement a fingerprint-proof version of this specification, it would be recommended to fake a given set of @@ -1221,8 +1229,11 @@ spec: encrypted-media-draft; for: EME; urlPrefix: https://w3c.github.io/encrypte degrade the user's experience. Another mitigation could be to limit these Web APIs to top-level browsing contexts. Yet another is to use a privacy budget that throttles and/or blocks calls to the API above a - threshold. + threshold. Additionally, browsers may consider whether a site goes on + to make use of the capabilities it detects and apply more stringent + controls to sites that are observed not to do so.
+