Re: Proposal for output device selection

On 08/19/2013 06:33 PM, Martin Thomson wrote:
> On 19 August 2013 01:06, Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com> wrote:
>> I would like to see a separate permissions request for device enum which
>> would solve all fingerprinting issues.
> Sadly, I don't think that this improves security in any meaningful
> way.  Nor do I believe that the benefits with respect to
> fingerprinting resilience are as significant as some people believe.
>
> The main problem with requiring user consent for enumeration is that
> it is very difficult to communicate effectively.  By which I mean that
> it's very difficult to gain any significant confidence that the user
> has understood and consented to the request.  And it's hard to
> guarantee that requests of this nature don't become annoyances, which
> is highly counterproductive.

Would it make more sense to have a separate "get permissions" call, 
which took as argument an explicit enumeration of the kinds of resources 
the script wanted (input devices, output devices, cameras, microphones, 
screen captures...)?

Then it would be the job of the UA to figure out how to message the 
request for permissions appropriately, and there would only be (at most) 
one permissions prompt per origin as long as requested permissions did 
not change.

For backwards compatibility with existing getUserMedia, we could say 
that getUserMedia implicitly called "get permissions"(audio if set, 
video if set) if "get permissions" hadn't been called before.

(this came up in an offline conversation with Tommy; it's not my idea)

>
> I understand the desire for externalizing the security issues, but I
> can't see this working.
>

Received on Tuesday, 20 August 2013 08:21:48 UTC
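
The bookkeeping the "get permissions" proposal above would ask of the UA, sketched as an added example that is not code from the thread or from any specification: one prompt per origin while the requested set is unchanged, and an implicit call from getUserMedia when none was made before. `PermissionBroker`, the kind strings and the `promptUser` callback are hypothetical names, and the legacy path follows the message's wording literally.

```javascript
// Hypothetical model of a user agent's permission bookkeeping. Every name here
// (PermissionBroker, the kind strings) is an assumption made for illustration.
const KINDS = ['microphone', 'camera', 'output-device', 'screen-capture'];

class PermissionBroker {
  // promptUser(origin, kinds) stands in for the UA's prompt UI and returns
  // the kinds the user approved.
  constructor(promptUser) {
    this.promptUser = promptUser;
    this.decisions = new Map(); // origin -> { key, granted }
    this.promptCount = 0;
  }

  getPermissions(origin, kinds) {
    const requested = [...new Set(kinds)].sort();
    const unknown = requested.filter((k) => !KINDS.includes(k));
    if (unknown.length) throw new TypeError('unknown kind: ' + unknown.join(', '));
    const key = requested.join(',');
    const prior = this.decisions.get(origin);
    // Same origin, same request: reuse the stored answer, denials included,
    // so a script cannot nag the user by asking again.
    if (prior && prior.key === key) return new Set(prior.granted);
    this.promptCount += 1;
    // Never record more than was asked for, whatever the prompt returns.
    const approved = this.promptUser(origin, requested);
    const granted = new Set(requested.filter((k) => approved.includes(k)));
    this.decisions.set(origin, { key, granted });
    return new Set(granted);
  }

  // Backwards-compatible path: an implicit getPermissions(audio, video) call
  // only when the origin has never called getPermissions itself.
  getUserMedia(origin, constraints) {
    const wanted = [];
    if (constraints.audio) wanted.push('microphone');
    if (constraints.video) wanted.push('camera');
    if (!this.decisions.has(origin)) this.getPermissions(origin, wanted);
    const { granted } = this.decisions.get(origin);
    const denied = wanted.filter((k) => !granted.has(k));
    if (denied.length) throw new Error('permission denied: ' + denied.join(', '));
    return wanted;
  }
}

// Constructed run: the user approves everything except screen capture.
const broker = new PermissionBroker((origin, kinds) => kinds.filter((k) => k !== 'screen-capture'));
const first = broker.getPermissions('https://app.example', ['camera', 'output-device', 'screen-capture']);
const again = broker.getPermissions('https://app.example', ['screen-capture', 'camera', 'output-device']);
console.log([...first], [...again], broker.promptCount); // one prompt for both calls
```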