Re: Proposal for output device selection

On Tue, Aug 20, 2013 at 6:21 PM, Harald Alvestrand <harald@alvestrand.no> wrote:

> On 08/19/2013 06:33 PM, Martin Thomson wrote:
>
>> On 19 August 2013 01:06, Tommy Widenflycht (ᛏᚮᛘᛘᚤ) <tommyw@google.com>
>> wrote:
>>
>>> I would like to see a separate permissions request for device enum which
>>> would solve all fingerprinting issues.
>>>
>> Sadly, I don't think that this improves security in any meaningful
>> way.  Nor do I believe that the benefits with respect to
>> fingerprinting resilience are as significant as some people believe.
>>
>> The main problem with requiring user consent for enumeration is that
>> it is very difficult to communicate effectively.  By which I mean that
>> it's very difficult to gain any significant confidence that the user
>> has understood and consented to the request.  And it's hard to
>> guarantee that requests of this nature don't become annoyances, which
>> is highly counterproductive.
>>
>
> Would it make more sense to have a separate "get permissions" call, which
> took as argument an explicit enumeration of the kinds of resources the
> script wanted (input devices, output devices, cameras, microphones, screen
> captures...)?
>
> Then it would be the job of the UA to figure out how to message the
> request for permissions appropriately, and there would only be (at most)
> one permissions prompt per origin as long as requested permissions did not
> change.
>
> For backwards compatibility with existing getUserMedia, we could say that
> getUserMedia implicitly called "get permissions"(audio if set, video if
> set) if "get permissions" hadn't been called before.
>
> (this came up in an offline conversation with Tommy; it's not my idea)



I think this sounds sensible. I'd certainly prefer to just ask the user for
access once per page load rather than once per resource.

Silvia.

Received on Tuesday, 20 August 2013 10:58:30 UTC
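
The "get permissions" semantics proposed in the quoted message, modelled as an added example that is not part of the original thread or of any browser's code. `PermissionBroker`, its method names, the `promptUser` callback and the sample devices are all hypothetical; remembering denials and prompting only for kinds not yet decided are assumptions about how "as long as requested permissions did not change" would work.

```javascript
// Hypothetical model of the proposed "get permissions" call; none of these
// names exist in any browser API.
class PermissionBroker {
  constructor(promptUser) {
    this.promptUser = promptUser; // (origin, kinds) => kinds the user allowed
    this.decisions = new Map();   // origin -> Map(kind -> true/false)
    this.promptCount = 0;
  }

  // One prompt covers every requested kind not yet decided for this origin.
  // Assumption: denials are remembered too, so a script cannot nag by retrying.
  getPermissions(origin, kinds) {
    if (!this.decisions.has(origin)) this.decisions.set(origin, new Map());
    const decided = this.decisions.get(origin);
    const pending = [...new Set(kinds)].filter((k) => !decided.has(k));
    if (pending.length > 0) {
      this.promptCount += 1;
      const allowed = new Set(this.promptUser(origin, pending));
      for (const k of pending) decided.set(k, allowed.has(k));
    }
    return kinds.filter((k) => decided.get(k) === true);
  }

  // Backwards-compatible path: implicit request for audio/video if set.
  getUserMedia(origin, constraints) {
    const kinds = [];
    if (constraints.audio) kinds.push("microphones");
    if (constraints.video) kinds.push("cameras");
    const granted = this.getPermissions(origin, kinds);
    if (granted.length !== kinds.length) throw new Error("permission denied");
    return kinds;
  }

  // Enumeration reveals labels only for kinds the user granted to this origin.
  enumerateDevices(origin, kind, devices) {
    const decided = this.decisions.get(origin);
    if (!decided || decided.get(kind) !== true) return [];
    return devices.filter((d) => d.kind === kind).map((d) => d.label);
  }
}

// Constructed sample device table for the demonstration.
const SAMPLE_DEVICES = [
  { kind: "cameras", label: "Front camera" },
  { kind: "microphones", label: "Headset mic" },
  { kind: "output devices", label: "USB speakers" },
];
```

In this model an origin that never asked, or was refused, gets an empty enumeration, so the device list adds nothing to a fingerprint until the user has answered a prompt.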