W3C home > Mailing lists > Public > public-device-apis@w3.org > December 2009

Re: UI for enabling webcam use from untrusted content

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 11 Dec 2009 18:31:55 +0000 (UTC)
To: Kenton Varda <kenton@google.com>
Cc: "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-ID: <Pine.LNX.4.62.0912111829130.31755@hixie.dreamhostps.com>
On Fri, 11 Dec 2009, Kenton Varda wrote:
> On Fri, Dec 11, 2009 at 8:40 AM, Ian Hickson <ian@hixie.ch> wrote:
> > 
> > I think once we've given a site access to the bits coming from the 
> > camera, we've got no way of knowing what the site is doing with the 
> > data, so we have to treat them as equivalent.
> 
> Well, if there were a way for a script to be prohibited from 
> communicating with anything (remote servers, other processes on the 
> system, etc.), then you could safely give it access to the camera.  
> This could be a useful security property it some cases, but probably 
> isn't worth pursuing for the moment.  This relates to the 
> (un-Googlably-named) "*-Property":
> 
> http://en.wikipedia.org/wiki/Bell-La_Padula_model

You'd also have to block access to the local storage and cookie stores, 
and workers, and block access to other frames and windows, and prevent new 
CSS rules from being added, and prevent the user from clicking any links 
in the page. I'm not sure it'd be particularly useful.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 11 December 2009 18:32:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:03 GMT