W3C home > Mailing lists > Public > public-media-capture@w3.org > December 2012

Re: How to check if permission denied?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 6 Dec 2012 09:40:43 -0800
Message-ID: <CABkgnnU+xEf5MMy7RZuHKFtm1AsH1gtRYRhOG7VgZX_99CZazQ@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 6 December 2012 00:03, Harald Alvestrand <harald@alvestrand.no> wrote:
> One mitigation strategy we discussed briefly in Lyon was to make failure on
> unsatisfied constraints rate-limited

I don't see that as satisfactory.  Either the information is really
necessary, which means that applications will need to make a couple of
tests quickly at page load time, or it is dangerous, in which case
rate limiting isn't going to limit the damage enough to make any
significant difference.  Yes, you can limit the damage, but only after
the first few bits of fingerprint are recovered.

We need to solve this problem.  I'm now more firmly resolved that
mandatory constraints are bad.  The fingerprinting perspective is
actually less interesting than the usability one.  The usability one
is, to my mind, more serious than the concern that ekr raised with
respect to synchronous gUM.

I'd like to get some face-to-face agenda time for this, because I
don't see a conclusion until there is a sufficient force behind it.
Received on Thursday, 6 December 2012 17:41:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:13 UTC