RE: Proposal for output device selection

On 19 August 2013 01:06, Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com> wrote:
> I would like to see a separate permissions request for device enum which
> would solve all fingerprinting issues.


Martin wrote:
> Sadly, I don't think that this improves security in any meaningful
> way.  Nor do I believe that the benefits with respect to
> fingerprinting resilience are as significant as some people believe.
> 
> The main problem with requiring user consent for enumeration is that
> it is very difficult to communicate effectively.  By which I mean that
> it's very difficult to gain any significant confidence that the user
> has understood and consented to the request.  And it's hard to
> guarantee that requests of this nature don't become annoyances, which
> is highly counterproductive.

Further, any permission that can be asked for can be easily acquired through blackmail by the application "if you want candy you will let me have this", which makes the "permission" a joke. 

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

Received on Monday, 19 August 2013 21:59:12 UTC