- From: Jan-Ivar Bruaroey <jib@mozilla.com>
- Date: Fri, 03 Jul 2015 15:32:25 -0400
- To: Harald Alvestrand <harald@alvestrand.no>, public-media-capture@w3.org
What if we only persisted deviceIds after a successful gUM call? In other words, deviceIds given to a site would only be good for the current session, unless the user shares (or has previously shared) camera or microphone access with it. This would mean that sites you've never shared camera or microphone with would have no memory of deviceIds from previous sessions (like in private-browsing mode today in Firefox). Would this satisfy the "use this device again" use-case? .: Jan-Ivar :. On 6/29/15 8:58 AM, Harald Alvestrand wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 06/29/2015 12:28 PM, Mike O'Neill wrote: >> Rules about cookies were laid down at a time the privacy risks were not as clear. New APIs need to > take into account what we have learnt since then and user’s increasing > concerns about privacy. Of course you could add sections calling for UA > UI to explain the risks, which would have to be spelled out as it is a > new technology, but why not do better than that. The W3C has a > responsibility to regain user’s trust in the platform. >> What is the reason for allowing unauthorised access to deviceID > anyway? And why by third-parties? > > Two desired functionalities led to the current design: > > - - The number of devices of each type is considered important for UIs > that adapt to the end system capabilities. > > - - An UI that is resumed (typically "reload" or a frequently used page) > wants to be able to support "use this device again if it's still > available; if not, present some other UI". (The specific exemplar issue > involved an app that worked with a specialized video device; it made no > sense in their context to continue working with "some other camera"). > > Just a reminder about content of discussion: We do engineering. We need > to be precise about what issue we want solved, and how we figure out > whether we have solved it or not. > > Especially since we are now a month beyond the end of Last Call on this > document. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iEYEARECAAYFAlWRQPEACgkQOMj+2+WY0F6tyACg6Cv1G5Hhlf2RGqM/WQ/W2gYC > OoEAoK1cNNYh4rKTf0PcQ5tIzzlGGARP > =Nw6B > -----END PGP SIGNATURE-----
Received on Friday, 3 July 2015 19:32:55 UTC