- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 11 Jul 2013 09:23:30 -0700
- To: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Cc: Dominique Hazael-Massieux <dom@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 10 July 2013 23:24, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com> wrote:

> [...] if the end user can not verify that the app has only
> "noaccess" access to the media, this has little value. The app can just
> omit the "noaccess" constraint and do whatever it wants - the user would
> not know.

This is a tricky user interaction problem. It's very easy to provide too much information. And this particular case is very hard to describe simply.

The problem is that the site can send the media anywhere. So, prior to actual sending (and authentication), there isn't a lot that you can tell a user that would make a real difference. Of course, once the stream is sending over an authenticated channel, it's possible to identify where it is going. Sort of.

We don't restrict the stream from going to multiple destinations either, so it's entirely possible that the stream is being recorded by the site. And a clever site could cease transmission during the times that the user is checking to prevent them from learning this fact.

In short, I can't imagine a good story to tell a user about a noaccess stream, until it reaches a remote peer.

Received on Thursday, 11 July 2013 16:23:58 UTC