- From: Hirsch Frederick (Nokia-CTO/Boston) <frederick.hirsch@nokia.com>
- Date: Wed, 7 May 2014 13:20:39 +0000
- To: "<public-device-apis@w3.org>" <public-device-apis@w3.org>
- CC: "Hirsch Frederick (Nokia-CTO/Boston)" <frederick.hirsch@nokia.com>

(A) Specification: HTML Media Capture

http://www.w3.org/TR/2013/CR-html-media-capture-20130509/#security (same text in editors draft)

(B) Issue: Security and Privacy Considerations section has normative requirements that are hard to test especially given dependence on implementer criteria and choices

References:

pull request comments (Tobie) https://github.com/w3c/web-platform-tests/pull/306

Discussion to make non-normative: http://lists.w3.org/Archives/Public/public-device-apis/2014Mar/0025.html

(Dom) reference to geolocation text http://lists.w3.org/Archives/Public/public-device-apis/2014Mar/0023.html

Pull request review summary: http://lists.w3.org/Archives/Public/public-device-apis/2014Mar/0005.html

(C) Proposed Resolution:

(1) make section non-normative and revise text accordingly

Proposed Text:

I propose the following text to replace the text in section 4. Security and privacy considerations

[[

4. Security and privacy considerations

This section is non-normative.

A User Agent implementation of this specification is advised to seek user consent before initiating capture of content by microphone or camera. This may be necessary to meet regulatory, legal and best practice requirements related to the privacy of user data. In addition, the User Agent implementation is advised to provide an indication to the user when an input device is enabled and make it possible for the user to terminate such capture. Similarly, the User Agent is advised to offer user control, such as to allow the user to:

• select the exact media capture device to be used if there exist multiple devices of the same type (e.g. a front-facing camera in addition to a primary camera).
• disable sound capture when in the video capture mode.

This specification builds upon the security and privacy protections provided by the <input type="file"> [HTML5] and the [FILE-API] specifications; in particular, it is expected that any offer to start capturing content from the user’s device would require a specific user interaction on an HTML element that is entirely controlled by the user agent.

Implementors should take care to prevent additional leakage of privacy-sensitive data from captured media. For instance, embedding the user’s location in the metadata of captured media (e.g. EXIF) might transmit more private data than the user is expecting.

]]

(2) Remove corresponding tests for this section

Does the WG agree, any concerns with this resolution? Please share concrete proposals on the list.

regards, Frederick

Frederick Hirsch, Nokia
@fjhirsch

Received on Wednesday, 7 May 2014 13:21:09 UTC