Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations from Rigo Wenning on 2015-10-29 (public-media-capture@w3.org from October 2015)

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 29 Oct 2015 06:57:11 +0100
To: Eric Rescorla <ekr@rtfm.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, Nick Doty <npdoty@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <1813464.XALlvSJrep@hegel>

On Thursday 29 October 2015 14:38:07 Eric Rescorla wrote:
> > again. Is this right? He wrote: "Chrome's UI of just giving persistent
> > permissions without a user prompt".
> 
> Yes, this is how Chrome behaves (assuming you are on HTTPS).
> 
> > If yes, then:

Ok, this means yes for Chrome then..
> > 
> Who are you referring to with "You" here. The people you're talking to
> (Martin and I) both work on Firefox, and we'd be more than happy for
> Chrome to behave the way that Firefox does.

By "You" I mean the people who have made the decision to go without a prompt 
within Chrome. Sorry to have included others by such an imprecise addressing. 
> 
> BTW, if you look into RFC 7478, it says in its browser considerations:
> > ==
> > The browser is expected to provide mechanisms for getting user consent to
> > use
> > device resources such as camera and microphone.
> > ==
> > Now tell me how is not asking the user getting you consent?
> 
> You did ask the user. The permission persists. The normative text
> here is the security document, which specifically contemplates
> persistent consent.

Above you write, Chrome doesn't prompt the user when being on HTTPS. I 
understand that Firefox asked the user. So the Firefox team is doing the right 
thing. Now you're pointing me to the fact that the requirement for the user 
consent is only informational as it is in the security considerations. I'm not 
very versed in IETF process and Specification writing. But aren't those 
reflecting the requirements from Stephen during review asking for MUST revoke? 
Where is that normative text? Can you help me finding it?
> 
> > But furthermore it says:
> > ==
> > The browser is expected to provide mechanisms for informing the user that
> > device resources such as camera and microphone are in use ("hot").
> > 
> > The browser must provide mechanisms for users to revise and even
> > completely
> > revoke consent to use device resources such as camera and microphone.
> > ==
> 
> And as I said, both Chrome and Firefox already do these things.

Ok, so on HTTPS they give permission forever without asking the user but they 
show a beacon in the browser-chrome? Because like "You" was not precise, 
"these things" don't help me to asses the situation. 

 --Rigo

Received on Thursday, 29 October 2015 05:57:27 UTC