Re: Proposal for output device selection

On 19 August 2013 01:06, Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com> wrote:
> I would like to see a separate permissions request for device enum which
> would solve all fingerprinting issues.

Sadly, I don't think that this improves security in any meaningful
way.  Nor do I believe that the benefits with respect to
fingerprinting resilience are as significant as some people believe.

The main problem with requiring user consent for enumeration is that
it is very difficult to communicate effectively.  By which I mean that
it's very difficult to gain any significant confidence that the user
has understood and consented to the request.  And it's hard to
guarantee that requests of this nature don't become annoyances, which
is highly counterproductive.

I understand the desire for externalizing the security issues, but I
can't see this working.

Received on Monday, 19 August 2013 16:33:40 UTC