- From: Mathieu Hofman via GitHub <sysbot+gh@w3.org>
- Date: Tue, 02 Feb 2016 00:44:21 +0000
- To: public-media-capture-logs@w3.org
> > enumerateDevices() is indeed there to allow the page to get to know what devices are available to enable it to make a more intelligent request via getUserMedia. > It is too dangerous to allow a webpage to know this information. Can you explain why this is dangerous? The deviceId is opaque, per-origin and not persisted. Fingerprint-able info is not available unless the website has permissions. > > Note that the info made available is less if the site currently does not have the permission to use devices (the label is filtered away). > It doesn't matter. The user should be able to grant a webpage access to mic/cam butdeny access to identifiers. So you not only want to remove the info from enumerateDevices, but also from the MediaStream once permissions have been granted!? That is definitely not right. There is plenty of use cases requiring programmatic access to the device info. Visually displaying the device label is only a very small one. The proposal to use secure DOM node could however be interesting as an addition to #45 which tries to solve the problem of device preview before permission is granted. -- GitHub Notification of comment by mhofman Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/311#issuecomment-178276626 using your GitHub account
Received on Tuesday, 2 February 2016 00:44:25 UTC