- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Mon, 25 Mar 2013 13:01:16 +0100
- To: public-media-capture@w3.org
On 3/25/13 10:35 AM, Harald Alvestrand wrote: > On 03/22/2013 01:54 PM, Stefan Håkansson LK wrote: >> I like Haralds proposal, it is an improvement over the current one IMO. >> >> That said, I think Jim has a point. We have earlier talked about that >> no-one should be excluded from a video service because they do not >> have a camera (instead they could use a file as a "fake" camera >> source). With sourceId/sourceInfo the app could exclude users. > > I think this is orthogonal to the difference between the current draft > and what I'm proposing. Agree 100% (that's why I started off saying that I like the proposal). > > If the browser is willing to supply fake cameras, the browser can be > willing to supply fake IDs for the fake cameras. I think the browser > should present a consistent picture. > >> >> If you compare to the access to files on the system, the analogous >> behavior would be that the app could, without any user consent, find >> out how many files there are and what types (extensions) they are. >> That is not possible IIUC. >> >> I would feel better if (at least) the first time used the app could >> not find out much without informing the user. And that trust given can >> be revoked. > > I agree about "not finding out much", the two approaches expose exactly > the same information before consent is given (the number of devices and > their IDs). The WG has already agreed that this info is OK to reveal. I guess I am to some extent questioning that decision (of the _TF_). Over the weekend I have searched for a solution for the (latest) problem of my car. If you enter something like "fix fuel gauge volvo 940" you get a lot of hits - some of them quite obscure. If you click through (which I did 'cause I want to fix my car) you will, with both the proposals, expose your camera and microphone availability to those sites without you knowing you did. That does not feel quite right to me. Those sites can't find out your location (using the GeoLocation) or how many files (of a certain type) you have on your system using File API without the user actively allowing them to. One solution could be that getSourceInfo(); returned an empty sequence until the user has approved the use of at least one device for that site (origin) once. If the user has once approved, the entire list could be returned. (Another solution is perhaps that I get a new car.) BTW, I also like this sentence of the GeoLocation API definition: "Those permissions that are acquired through the user interface and that are preserved beyond the current browsing session (i.e. beyond the time when the browsing context is navigated to another URL) must be revocable and user agents must respect revoked permissions." > > The difference is the question of "facing". If the WG feels happier if > "facing" is also hidden until permission is given, I don't mind. To me it has nothing to do with facing, I think your proposal does not make things worse. I should have been clearer. > > >> >> Stefan >> >> On 3/21/13 8:57 PM, Jim Barnett wrote: >>> I know that most users never change the defaults, but I still think >>> that some of these difficulties are reduced if we give the user >>> multiple security settings: 1. "don't tell apps anything" (i.e., the >>> app must call gUM to get any information at all) 2. "tell them if I >>> have video/audio, but nothing more" (i.e. before the app calls gUM) >>> 3. "let them see labels, facing info, etc." >>> >>> (If we introduce a distinction between trusted and untrusted apps, >>> the levels above would apply to untrusted ones, I would think.) This >>> way the (few) people who understand the situation and care can get >>> the behavior that they want. >>> >>> - Jim -----Original Message----- From: Harald Alvestrand >>> [mailto:harald@alvestrand.no] Sent: Thursday, March 21, 2013 3:38 PM >>> To: public-media-capture@w3.org Subject: Re: An alternate approach to >>> enumerating devices >>> >>> On 03/21/2013 08:23 PM, Jim Barnett wrote: >>>> It may just be that the format is odd on my system, but is 'facing' >>>> available if the app is not trusted? >>> Opinions sought .... "facing" was the last thing I added. Exposing it >>> means that the drive-by web now can make a very good guess on whether >>> you're a phone or a PC; not exposing it means that the app has to do >>> at least one camera grab blind (see other thread). >>> >>> >> >> > >
Received on Monday, 25 March 2013 12:01:37 UTC