Re: Proposal for output device selection from ᛏᚮᛘᛘᚤ on 2013-08-19 (public-media-capture@w3.org from August 2013)

From: ᛏᚮᛘᛘᚤ <tommyw@google.com>
Date: Mon, 19 Aug 2013 10:06:39 +0200
To: Harald Alvestrand <hta@google.com>
Cc: robert@ocallahan.org, Tommi <tommi@google.com>, Martin Thomson <martin.thomson@gmail.com>, Justin Uberti <juberti@google.com>, Chris Wilson <cwilso@google.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>, Victoria Kirst <vrk@google.com>
Message-ID: <CALLKCfN-_fMZLhPZMnn-dnbn7rf5uj2n-kwy=m16wMVmf72sjw@mail.gmail.com>

My 2 cents:

I would like to see a separate permissions request for device enum which
would solve all fingerprinting issues. A getUserMedia permissions request
would also grant device enum rights but obviously not the other way around.
Without a granted device enum permissions request the web app should not
even be able to see the number of devices.

The current idea that one has to call getUserMedia before getting all info
from device enum feels very wonky to me is is not compelling from an user
perspective.

The obvious drawback to my suggestion is that in some cases the user will
be presented with dual permissions requests.

/Tommy


On Fri, Aug 16, 2013 at 1:20 PM, Harald Alvestrand <hta@google.com> wrote:

> I think the conclusion on the same subject for input devices was that
> giving the drive-by web the ability to tell the number of devices you have
> and of what type (video/audio) was a reasonable compromise between the fear
> of fingerprinting and the desire for sensible user interfaces.
>
> I hope we can make the same call for output devices; having those be
> different would, I think, be confusing to the developer and to the user.
>
> As for "details": Agreed.
>
>
> On Fri, Aug 16, 2013 at 12:51 PM, Robert O'Callahan <robert@ocallahan.org>wrote:
>
>> On Fri, Aug 16, 2013 at 10:37 PM, Tommi <tommi@google.com> wrote:
>>
>>> On Fri, Aug 16, 2013 at 4:15 AM, Robert O'Callahan <robert@ocallahan.org
>>> > wrote:
>>>
>>  Any kind of device enumeration creates privacy issues which a "logical
>>>> output device" approach simply doesn't have.
>>>>
>>>
>>> Can you clarify exactly what privacy issues you're thinking of?  There
>>> are pros and cons on both sides so it's easier to discuss specifics to see
>>> if things are solvable or not.
>>>
>>
>> Handing over the details of every available audio device to every Web
>> site the user visits would make a good vector for user tracking and
>> profiling.
>>
>> Rob
>> --
>> Jtehsauts  tshaei dS,o n" Wohfy  Mdaon  yhoaus  eanuttehrotraiitny  eovni
>> le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o  Whhei csha iids  teoa
>> stiheer :p atroa lsyazye,d  'mYaonu,r  "sGients  uapr,e  tfaokreg iyvoeunr,
>> 'm aotr  atnod  sgaoy ,h o'mGee.t"  uTph eann dt hwea lmka'n?  gBoutt  uIp
>> waanndt  wyeonut  thoo mken.o w  *
>> *
>>
>
>

Received on Monday, 19 August 2013 08:07:09 UTC