Re: Bug 23934 - Proposal: Always launch permission prompt to avoid leakage from Jan-Ivar Bruaroey on 2013-12-06 (public-media-capture@w3.org from December 2013)

From: Jan-Ivar Bruaroey <jib@mozilla.com>
Date: Thu, 05 Dec 2013 22:11:44 -0500
To: cowwoc <cowwoc@bbs.darktech.org>, public-media-capture@w3.org
Message-ID: <52A14070.5090804@mozilla.com>

On 12/5/13 8:30 PM, cowwoc wrote:
> I agree that the document does not mention usability explicitly but 
> you cannot have good usability without access to information made 
> available by "debuggability". When something goes wrong, 
> "debuggability" allows you to find out why/what went wrong. An 
> application leverages this information to provide a better user 
> experience, especially in the case of a failure conditions.
>
> Case in point: an end-user tries joining my conference bridge. He 
> always gets a permission prompt, clicks "Allow" but the operation 
> fails with some vague error. After many hours of investigation we 
> still can't figure out whether the browser can't see the camera, or 
> the camera doesn't support the requested resolution, or a 
> camera-specific bug prevents the request from going through (e.g. 
> https://code.google.com/p/webrtc/issues/detail?id=1912), or the user 
> is doing something wrong (reporting he is doing something when he is 
> not), etc. If I could read the camera's capabilities I could quickly 
> investigate which of these conditions is occurring, but with your 
> proposal I have no way of finding out.

My proposal wont affect this use case, because your end-user clicks 
"Allow" so you are not over-constrained. My proposal only concerns the 
over-constrained case. No-one's concerned about leakage once permission 
is granted.

> I don't look forward to supporting non-technical users who run into 
> this kind of problem.
>
> To summarize: I don't take issue with whether your proposal will 
> prevent fingerprintability, nor with the fact that "fingerprinting is 
> bad". My only argument is that preventing fingerprinting comes at a 
> cost, and in this case I argue that doing so is not worth the price.

I'm not sure what you think my proposal will prevent you from doing that 
you can do today. You can't query the camera's capabilities today 
without permission, can you? Even getMediaDevices() will require 
permission as I understand it (though I'm a little hazy on that, as is 
the spec it seems).

>
> Gili

.: Jan-Ivar :.

Received on Friday, 6 December 2013 03:12:13 UTC