[EME] Add specific advice about handling persisted data to Privacy Considerations.
author David Dorwin <ddorwin@google.com>
Mon, 11 Aug 2014 16:02:03 -0700
changeset 384 385c6435612f
parent 383 1594030f0da8
child 385 7b3dd5a1f571
encrypted-media/encrypted-media.html
encrypted-media/encrypted-media.xml
--- a/encrypted-media/encrypted-media.html	Mon Aug 11 14:55:53 2014 -0700
+++ b/encrypted-media/encrypted-media.html	Mon Aug 11 16:02:03 2014 -0700
@@ -1570,6 +1570,14 @@
       <dt>Encryption or obfuscation of Key System stored data</dt>
       <dd>User agents should treat data stored by Key Systems as potentially sensitive; it is quite possible for user privacy to be compromised by the release of this information. To this end, user agents should ensure that such data is securely stored and when deleting data, it is promptly deleted from the underlying storage.</dd>
     </dl>
+    
+    <p>User agent and CDM implementations that allow the CDM to persist data should:</p>
+    <ul>
+      <li>Ensure it is restricted to the origin for which it was created.</li>
+      <li>Ensure it is restricted to the current profile and does not leak to or from Incognito/Private Browsing sessions.</li>
+      <li>Allow the user to clear it, preferably by origin.</li>
+      <li>Treat it like other site data, including presenting it along with cookies, including it in "remove all data", and presenting it in the same UI locations.</li>
+    </ul>
 
     <h3 id="privacy-secureorigin">7.3. Use Secure Origin and Transport</h3>
     <p>In order to protect identifiers and other information discussed in previous sections, user agents may choose to only support the EME APIs and/or specific Key Systems (i.e. based on privacy and security risks) on secure origins.
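Review bot: The first new bullet, "restricted to the origin for which it was created", does not say which origin is meant when EME is used from a third-party iframe: the origin of the document that created the MediaKeys object, or the top-level page's origin. If the data is keyed only by the embedded origin, the same persisted state is reachable from every site that embeds that origin, which is exactly the cross-site linkage the "Encryption or obfuscation of Key System stored data" entry above warns about. Suggest stating the origin explicitly and saying whether user agents should additionally partition by the top-level browsing context's origin. Minor: "Incognito" is a product name; "private browsing sessions" is sufficient for the spec, and the added `+    ` line after `</dl>` carries trailing whitespace where the file otherwise uses an empty line.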
--- a/encrypted-media/encrypted-media.xml	Mon Aug 11 14:55:53 2014 -0700
+++ b/encrypted-media/encrypted-media.xml	Mon Aug 11 16:02:03 2014 -0700
@@ -1544,6 +1544,14 @@
       <dt>Encryption or obfuscation of Key System stored data</dt>
       <dd>User agents should treat data stored by Key Systems as potentially sensitive; it is quite possible for user privacy to be compromised by the release of this information. To this end, user agents should ensure that such data is securely stored and when deleting data, it is promptly deleted from the underlying storage.</dd>
     </dl>
+    
+    <p>User agent and CDM implementations that allow the CDM to persist data should:</p>
+    <ul>
+      <li>Ensure it is restricted to the origin for which it was created.</li>
+      <li>Ensure it is restricted to the current profile and does not leak to or from Incognito/Private Browsing sessions.</li>
+      <li>Allow the user to clear it, preferably by origin.</li>
+      <li>Treat it like other site data, including presenting it along with cookies, including it in "remove all data", and presenting it in the same UI locations.</li>
+    </ul>
 
     <h3 id="privacy-secureorigin">7.3. Use Secure Origin and Transport</h3>
     <p>In order to protect identifiers and other information discussed in previous sections, user agents may choose to only support the EME APIs and/or specific Key Systems (i.e. based on privacy and security risks) on secure origins.
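Review bot: The XML hunk repeats the HTML hunk verbatim, so the same ambiguity about which origin "the origin for which it was created" refers to (embedded document vs. top-level page) applies here and must be resolved in both copies together, since the HTML is generated from this source. The added `+    ` line after `</dl>` also carries four trailing spaces rather than being empty like the surrounding blank lines.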