- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 19 Aug 2013 09:33:12 -0700
- To: Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com>
- Cc: Harald Alvestrand <hta@google.com>, "Robert O'Callahan" <robert@ocallahan.org>, Tommi <tommi@google.com>, Justin Uberti <juberti@google.com>, Chris Wilson <cwilso@google.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>, Victoria Kirst <vrk@google.com>
On 19 August 2013 01:06, Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com> wrote: > I would like to see a separate permissions request for device enum which > would solve all fingerprinting issues. Sadly, I don't think that this improves security in any meaningful way. Nor do I believe that the benefits with respect to fingerprinting resilience are as significant as some people believe. The main problem with requiring user consent for enumeration is that it is very difficult to communicate effectively. By which I mean that it's very difficult to gain any significant confidence that the user has understood and consented to the request. And it's hard to guarantee that requests of this nature don't become annoyances, which is highly counterproductive. I understand the desire for externalizing the security issues, but I can't see this working.
Received on Monday, 19 August 2013 16:33:40 UTC