Re: Leakage (Re: Requirements on mandatory constraints (ACTION-27)) from Jan-Ivar Bruaroey on 2013-12-03 (public-media-capture@w3.org from December 2013)

From: Jan-Ivar Bruaroey <jib@mozilla.com>
Date: Tue, 03 Dec 2013 15:28:22 -0500
To: Martin Thomson <martin.thomson@gmail.com>, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <529E3EE6.2040805@mozilla.com>

On 11/25/13 12:50 PM, Martin Thomson wrote:
> Jan-Ivar's suggestion that we remove the short-circuit on "device not
> present" errors achieves this.  Noting that applications can already
> enumerate and therefore determine whether a camera or microphone is
> even present, I'm comfortable with this.  Almost.

Great!

> The nasty corner case is where I only have an environment-facing
> camera and the application requires a user-facing camera.  The
> application sees that I have a camera and asks, applying a mandatory
> constraint.  I cannot comply with this, so the only real option we are
> left with is the application timing out.

Not so. My proposal merely removes the "Allow" choice in this case to comply with the app's wishes, the "Deny" choice is still there (maybe it's called "OK" when there's only one button, whatever), the important part is there's no new "timing out" problem introduced.

If the user ever hits OK (deny) then the app learns that it cannot have the user's environment-facing camera or the user doesn't have one, it doesn't know which.

Separately, I refuse to get hung up about timeouts. Both Chrome's and Firefox's door hangers are designed to be ignorable. Apps lost the modal battle. Live with it.

But back to leakage...

Your case is: The app absolutely requires an environment-facing camera, and you don't have one.

If we care about leakage here, then the app MUST have permission before it can learn the answer to whether you have an environment-facing camera or not. With my proposal, the app has two choices:

  1) make the constraint mandatory, and have the browser let the user down, or

  2) make the constraint optional, get access, then query camera and let the user down yourself.

In either case, no leakage without consent.

This reminds me of a web site I once visited. None of its features ever worked, but how it told me this was really impressive and stuck with me.

.: Jan-Ivar :.

PS: Any app that uses facingMode with mandatory is asking for false negatives. Consider what the browser does do when it doesn't know what facingMode a camera has.

Received on Tuesday, 3 December 2013 20:28:50 UTC