Re: Hints argument & privacy concerns from Robin Berjon on 2012-01-19 (public-media-capture@w3.org from January 2012)

From: Robin Berjon <robin@berjon.com>
Date: Thu, 19 Jan 2012 11:12:38 +0100
To: Anant Narayanan <anant@mozilla.com>
Cc: public-media-capture@w3.org
Message-Id: <3E3DAE3B-E59E-4198-BF94-B2C5FAB059E4@berjon.com>

Hi Anant,

On Jan 19, 2012, at 08:06 , Anant Narayanan wrote:
> However, exposing fine grained control over media hardware to web applications has serious security and privacy implications. Enumeration of available devices, for example, will provide several bits of data that will allow third parties to more easily fingerprint users.

Yes, we should definitely not support device characteristics enumeration.

> However, some applications will need a minimum set of requirements in order to be able to function. I propose that we leave it up to the application to detect if the resulting stream has the characteristics it wants, and provide the user with an appropriate message (and perhaps retry with another call to getUserMedia()) if it does not.

Just to be clear, I presume you mean intrinsic properties of the produced stream that would apply if the stream came from somewhere else. In other words, an application can complain that it's not getting stereo sound because it needs it, but it shouldn't be able to complain that it was given the back camera when it wanted the front, right?

> Further, I propose that there should be no differentiation between a user denying a request or a request failing because of unavailable hardware, or any other unexpected reason.  This should have a minimal impact on the user experience as the failure case for all of these can be handled in a similar manner by the application.

+1, detailing errors is futile when the code can't do anything much about them anyway.

> The MediaStreamOptions object is a well-defined JavaScript Object:
> 
> {
>  "audio": false,
>  "video": false,
>  "hints": {
>    "audio": {
>      "channels": "1 | 2"
>      "application": "general | voip | music"
>    },
>    "video": {
>      "orientation": "front | back"
>    }
>  }
> }

This is borderline bikeshedding so I won't insist, but it seems to me that if you pick the right names you can avoid those two levels of nesting:

{
    "audio": false
,   "video": false
,   "channels": "2"
,   "quality": "voip"
,   "camera": "back"
}

-- 
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Thursday, 19 January 2012 10:13:03 UTC