- From: jan-ivar via GitHub <sysbot+gh@w3.org>
- Date: Fri, 11 Mar 2016 17:49:31 +0000
- To: public-media-capture-logs@w3.org
I think the PR goes too far. Here's what happened: In July, several of us confused "browser session" (browser-close, like session-cookies [3]) and "browsing session" (navigate away from page). Firefox implements the former, i.e. clears temporary *pre-grant deviceIds* on browser shutdown (and last private browsing mode window). The spec added a clear definition later, retroactively applied to this language (not a great way to cement intentional consensus). Realizing the spec was now stricter than what Firefox implemented, I opened [Bug 1223773](https://bugzilla.mozilla.org/show_bug.cgi?id=1223773) to comply, which I did, but the patch never landed due to discussion in the bug (the bug is now open, so I encourage people to read it). Therefore, changing "browsing session" to "browser session" (or whatever we want to call it), is the *minimal ask*. Anything else is bathwater and baby. > I think that's rolling back a change that @jan-ivar asked for (if my memory's right, he was the one who wanted the ability to not store the device-id-salting cookie if no device had been opened in the session). If you recall, this solved last call feedback from privacy IG and contentious discussion from public backlash at the time [1] [2]. Do we really wish to reopen a privacy debate now? [1] https://lists.w3.org/Archives/Public/public-media-capture/2015Jun/0042.html [2] https://lists.w3.org/Archives/Public/public-media-capture/2015Jul/0004.html [3] Interesting info on session cookies: http://stackoverflow.com/q/10617954/918910 -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/322#issuecomment-195476025 using your GitHub account
Received on Friday, 11 March 2016 17:49:34 UTC