- From: Jan-Ivar Bruaroey <jib@mozilla.com>
- Date: Tue, 19 Nov 2013 14:17:13 -0500
- To: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 11/19/13 1:08 PM, Stefan Håkansson LK wrote: > I was talking about leaking and that people tell me that some OS' lie > anyway - so even if you get a successful return from gUM you still don't > know. > >> (though I proposed a solution to that as well, the "user always gets a prompt"). > I think this is a good solution. > >> That said, a site that gets repeat visits will eventually get a full >> picture if they probe a different constraint each time, even if the user >> never permits anything. That still seems wrong. > I agree, but with your proposal (always prompting) we have a solution to > that!? Yes, because the leak happens when gUM returns immediately without prompting the user. If we always prompt, then the malicious webapp cannot tell the difference between Deny and Don'tHave. .: Jan-Ivar :.
Received on Tuesday, 19 November 2013 19:17:42 UTC