- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 6 Dec 2012 09:40:43 -0800
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 6 December 2012 00:03, Harald Alvestrand <harald@alvestrand.no> wrote: > One mitigation strategy we discussed briefly in Lyon was to make failure on > unsatisfied constraints rate-limited I don't see that as satisfactory. Either the information is really necessary, which means that applications will need to make a couple of tests quickly at page load time, or it is dangerous, in which case rate limiting isn't going to limit the damage enough to make any significant difference. Yes, you can limit the damage, but only after the first few bits of fingerprint are recovered. We need to solve this problem. I'm now more firmly resolved that mandatory constraints are bad. The fingerprinting perspective is actually less interesting than the usability one. The usability one is, to my mind, more serious than the concern that ekr raised with respect to synchronous gUM. I'd like to get some face-to-face agenda time for this, because I don't see a conclusion until there is a sufficient force behind it.
Received on Thursday, 6 December 2012 17:41:13 UTC