W3C home > Mailing lists > Public > public-media-capture@w3.org > August 2013

Re: Proposal for output device selection

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 19 Aug 2013 09:33:12 -0700
Message-ID: <CABkgnnXx98z-MbVqhYFrdDBxHWR=OkOZ_SyMubD+wvCj4yjT1g@mail.gmail.com>
To: Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com>
Cc: Harald Alvestrand <hta@google.com>, "Robert O'Callahan" <robert@ocallahan.org>, Tommi <tommi@google.com>, Justin Uberti <juberti@google.com>, Chris Wilson <cwilso@google.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>, Victoria Kirst <vrk@google.com>
On 19 August 2013 01:06, Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com> wrote:
> I would like to see a separate permissions request for device enum which
> would solve all fingerprinting issues.

Sadly, I don't think that this improves security in any meaningful
way.  Nor do I believe that the benefits with respect to
fingerprinting resilience are as significant as some people believe.

The main problem with requiring user consent for enumeration is that
it is very difficult to communicate effectively.  By which I mean that
it's very difficult to gain any significant confidence that the user
has understood and consented to the request.  And it's hard to
guarantee that requests of this nature don't become annoyances, which
is highly counterproductive.

I understand the desire for externalizing the security issues, but I
can't see this working.
Received on Monday, 19 August 2013 16:33:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:18 UTC