- From: jan-ivar via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 Aug 2016 14:51:51 +0000
- To: public-media-capture-logs@w3.org
Thanks @stefhak for digging that up. https://www.w3.org/Bugs/Public/show_bug.cgi?id=22214 and https://github.com/w3c/mediacapture-main/issues/142 agree, so there seems to be no (written record of any) change in conclusion between September 2014 and September 2015. I liked the conclusion because it was implementable, so I think that's why it won. I'll add that, that as with geolocation, where getting a user's location now, vs. getting it always, is different, since users move around, similarly users may add new USB devices over time, so having predictable revocation of this access seems desirable. Same with ondevicechange which can be used in social engineering attacks. All that said, I think @alvestrand has a point that clearing the labels after .stop() even in the same session seems unnecessary (it just provokes people to write polyfills to counteract this behavior). I also just this week discovered a problem with it, which is that it can be used to detect when garbage collection happens, something DOM APIs should avoid. So we should perhaps let labels survive .stop() at least in the current session (i.e. until navigation). I see a couple of options for addressing when things are cleared: 1. Let labels survive .stop() in the current session, and keep 2014-2015 behavior, 2. list-devices permission (though I have questions about when it's cleared), 3. Use the existence of a persisted device id (cleared with cookies). -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/380#issuecomment-240436960 using your GitHub account
Received on Wednesday, 17 August 2016 14:51:59 UTC