- From: Randell Jesup <randell-ietf@jesup.org>
- Date: Wed, 17 Aug 2011 13:51:45 -0400
- To: public-webrtc@w3.org
On 8/17/2011 12:09 PM, Adam Bergkvist wrote: > On 17 augusti 2011 14:47, Rich Tibbett wrote: > >> The model is a reversal on previous thinking: provide an >> unauthorized but tainted webcam/microphone view to the web >> page and allow the user to elevate the permissions at their >> discretion as and when they are requested by the web page. >> >> If we simplify to the point of sticky permission sets, does >> that alleviate some of the concern? Once you've clicked the >> telephony button the page can make as many calls as it likes >> with the untainted Stream object. > Hi > > Is it a serious privacy issue when you trust the AR application enough > to run it? If it can't access the content in your video stream it would > have to know other things like your position and orientation to overlay > the proper information. > > In other cases when you give the web app access to, e.g. an image or > video file with<input type=file> you don't put any constraints on what > the web app may do with it. If you don't trust the app you don't give it > access to your data anyhow. > > I think an indicator in the browser chrome that shows if the camera/mic > is hot, is good enough for version one. We'll need to think how this works for typically frameless/chromeless browsers, like mobile. They may need to force visible chrome when the mic/camera are active, restricting the page space available to the app. (Probably preferentially a strip off one side, allowing the content to reflow normally.) -- Randell Jesup randell-ietf@jesup.org
Received on Wednesday, 17 August 2011 17:54:19 UTC