RE: Comments/Questions on Media Capture Streams – Privacy and Security Considerations

So what would be a reasonable default, somewhere between a few hours and eternity?

 

Mike

 

 

From: Eric Rescorla [mailto:ekr@rtfm.com] 
Sent: 29 October 2015 07:17
To: Mike O'Neill <michael.oneill@baycloud.com>
Cc: Rigo Wenning <rigo@w3.org>; Martin Thomson <martin.thomson@gmail.com>; public-privacy (W3C mailing list) <public-privacy@w3.org>; Mathieu Hofman <Mathieu.Hofman@citrix.com>; Harald Alvestrand <harald@alvestrand.no>; Nick Doty <npdoty@w3.org>; public-media-capture@w3.org
Subject: Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations

 

There's really not much point in having a a persistent permission for camera

and microphone that is measured in hours, because that means that the

vast majority of times when people want to use these devices (like one

video call every day or two) they will be prompted for permission.

 

-Ekr

 

 

On Thu, Oct 29, 2015 at 4:08 PM, Mike O'Neill <michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com> > wrote:

Even when there is a visual indication people can miss it or not understand
what it is . Given the sensitivity of having a "hot" mike/camera, persistent
permissions should also have an expiry so even if people are unaware of them
they will not be there for perpetuity.

In general all permissions should have an expiry in my view, with the
duration reported when the permission is requested. (i.e. this should be
part of the permissions API, not just MediaCapture). Those that are less
sensitive may have a longer duration but MediaCapture should be relatively
short (hours?).


Mike



-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org <mailto:rigo@w3.org> ]
Sent: 29 October 2015 06:52
To: Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com> >
Cc: Martin Thomson <martin.thomson@gmail.com <mailto:martin.thomson@gmail.com> >; public-privacy (W3C mailing
list) <public-privacy@w3.org <mailto:public-privacy@w3.org> >; Mathieu Hofman <Mathieu.Hofman@citrix.com <mailto:Mathieu.Hofman@citrix.com> >;
Harald Alvestrand <harald@alvestrand.no <mailto:harald@alvestrand.no> >; Nick Doty <npdoty@w3.org <mailto:npdoty@w3.org> >;
public-media-capture@w3.org <mailto:public-media-capture@w3.org> 
Subject: Re: Comments/Questions on Media Capture Streams – Privacy and
Security Considerations

On Thursday 29 October 2015 15:37:12 Eric Rescorla wrote:
> On Thu, Oct 29, 2015 at 3:35 PM, Rigo Wenning <rigo@w3.org <mailto:rigo@w3.org> > wrote:
> > On Thursday 29 October 2015 15:04:05 Eric Rescorla wrote:
> > > Chrome and Firefox do both of the two things listed in this quoted
block
> > >
> > > 1. Inform the user that the devices are hot.
> >
> > Ok, in this case I can understand that if one has a visual indication
that
> > mic
> > and camera are "on" the need for an additional prompt is somewhat moot.
> >
> > > 2. Provide mechanisms for revoking consent.
> >
> > This is then a question of usability. Is clicking on the visual
indication
> > allowing to revoke the consent/permission?
>
> Yes, generally.

In this case, my earlier criticism was based on insufficient information. I
think this does what it is supposed to do. I still think that persistent
(forever) permissions are a mistake. But this is mitigated by the fact that
the browser indicates when mic and camera are "on".

 --Rigo

 

Received on Thursday, 29 October 2015 15:30:43 UTC