Re: UI for enabling webcam use from untrusted content

On Fri, 11 Dec 2009, Kenton Varda wrote:
> On Fri, Dec 11, 2009 at 8:40 AM, Ian Hickson <> wrote:
> > 
> > I think once we've given a site access to the bits coming from the 
> > camera, we've got no way of knowing what the site is doing with the 
> > data, so we have to treat them as equivalent.
> Well, if there were a way for a script to be prohibited from 
> communicating with anything (remote servers, other processes on the 
> system, etc.), then you could safely give it access to the camera.  
> This could be a useful security property it some cases, but probably 
> isn't worth pursuing for the moment.  This relates to the 
> (un-Googlably-named) "*-Property":

You'd also have to block access to the local storage and cookie stores, 
and workers, and block access to other frames and windows, and prevent new 
CSS rules from being added, and prevent the user from clicking any links 
in the page. I'm not sure it'd be particularly useful.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 11 December 2009 18:32:30 UTC