Re: [mediacapture-main] Remove redundant list-devices permission.

Thanks @stefhak for digging that up. 
https://www.w3.org/Bugs/Public/show_bug.cgi?id=22214 and 
https://github.com/w3c/mediacapture-main/issues/142 agree, so there 
seems to be no (written record of any) change in conclusion between 
September 2014 and September 2015. I liked the conclusion because it 
was implementable, so I think that's why it won. 

I'll add that, that as with geolocation, where getting a user's 
location now, vs. getting it always, is different, since users move 
around, similarly users may add new USB devices over time, so having 
predictable revocation of this access seems desirable. Same with 
ondevicechange which can be used in social engineering attacks.

All that said, I think @alvestrand has a point that clearing the 
labels after .stop() even in the same session seems unnecessary (it 
just provokes people to write polyfills to counteract this behavior).

I also just this week discovered a problem with it, which is that it 
can be used to detect when garbage collection happens, something DOM 
APIs should avoid. So we should perhaps let labels survive .stop() at 
least in the current session (i.e. until navigation).

I see a couple of options for addressing when things are cleared:
  1. Let labels survive .stop() in the current session, and keep 
2014-2015 behavior,
  2. list-devices permission (though I have questions about when it's 
cleared),
  3. Use the existence of a persisted device id (cleared with 
cookies).


-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/issues/380#issuecomment-240436960
 using your GitHub account

Received on Wednesday, 17 August 2016 14:51:59 UTC