W3C home > Mailing lists > Public > public-media-capture@w3.org > January 2013

Re: user permission for recording?

From: Timothy B. Terriberry <tterriberry@mozilla.com>
Date: Tue, 29 Jan 2013 17:33:46 -0800
Message-ID: <5108787A.2020001@mozilla.com>
To: "public-media-capture@w3.org" <public-media-capture@w3.org>
Martin Thomson wrote:
> Speaking purely from a security perspective, once the site has access
> to the media, then the cat is out of the bag.  At best, additional

I agree with Martin here.

> If your application needs to meet a local legislative requirement
> regarding consent and awareness, then that can be implemented by the
> application.

We _should_ be careful to document this (in the spec and elsewhere), but 
I don't think we can enforce it through technical means.

Harald Alvestrand wrote:
> I don't see at the moment how to apply this logic to a remote media
> stream - when it is sent from the other side, it's authorized to an
> identity - but we haven't made any way to encode restrictions on what
> the recipient can do with the media stream once he has it.

This concerns me, and I think it could at least be solved in the case 
where both parties are running browsers and both have indicated they 
don't trust their own JS, but I haven't worked out the details of what 
that would look like. EKR tells me he thinks he knows how to solve this 
problem.
Received on Wednesday, 30 January 2013 01:34:14 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 16:15:03 GMT