- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Fri, 12 Jul 2013 07:41:42 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: Dominique Hazael-Massieux <dom@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 7/11/13 6:23 PM, Martin Thomson wrote: > On 10 July 2013 23:24, Stefan Håkansson LK > <stefan.lk.hakansson@ericsson.com> wrote: >> [...] if the end user can not verify that the app has only >> "noaccess" access to the media, this has little value. The app can just >> omit the "noaccess" constraint and do whatever it wants - the user would >> not know. > > This is a tricky user interaction problem. It's very easy to provide > too much information. And this particular case is very hard to > describe simply. > > The problem is that the site can send the media anywhere. So, prior > to actual sending (and authentication), there isn't a lot that you can > tell a user that would make a real difference. > > Of course, once the stream is sending over an authenticated channel, > it's possible to identify where it is going. Sort of. We don't > restrict the stream from going to multiple destinations either, so > it's entirely possible that the stream is being recorded by the site. > And a clever site could cease transmission during the times that the > user is checking to prevent them from learning this fact. > > In short, I can't imagine a good story to tell a user about a noaccess > stream, until it reaches a remote peer. I agree. To me it seems we should spec up the "noaccess" constraint (presumably as part of the getUserMedia operation), and how MediaStream's with this property are special (including rejecting "addTrack"), and then put a note about that the main usefulness is when such MediaStream's are used with PeerConnection. >
Received on Friday, 12 July 2013 07:42:07 UTC