- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Thu, 06 Dec 2012 20:31:03 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 12/06/2012 06:40 PM, Martin Thomson wrote: > On 6 December 2012 00:03, Harald Alvestrand <harald@alvestrand.no> wrote: >> One mitigation strategy we discussed briefly in Lyon was to make failure on >> unsatisfied constraints rate-limited > I don't see that as satisfactory. Either the information is really > necessary, which means that applications will need to make a couple of > tests quickly at page load time, or it is dangerous, in which case > rate limiting isn't going to limit the damage enough to make any > significant difference. Yes, you can limit the damage, but only after > the first few bits of fingerprint are recovered. > > We need to solve this problem. I'm now more firmly resolved that > mandatory constraints are bad. The fingerprinting perspective is > actually less interesting than the usability one. The usability one > is, to my mind, more serious than the concern that ekr raised with > respect to synchronous gUM. And, similarly from an usability perspective, I'm convinced that mandatory constraints are necessary. One of us must be wrong. > > I'd like to get some face-to-face agenda time for this, because I > don't see a conclusion until there is a sufficient force behind it.
Received on Thursday, 6 December 2012 19:31:31 UTC