- From: Jan-Ivar Bruaroey <jib@mozilla.com>
- Date: Tue, 19 Nov 2013 12:00:40 -0500
- To: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 11/19/13 10:56 AM, Jan-Ivar Bruaroey wrote:
>> Would it make sense to go with only optional constraints for the first
>> version?
>
> See, now how is that preferable to what I'm proposing?
Sorry, you were talking about the leaking problem (though I proposed a
solution to that as well, the "user always gets a prompt"). Given the
number of changes I have to concede what you are proposing as a
possibility. I just think it would be unfortunate.
On the leak topic:
Having tried to perfect an algorithm that extorts as much info as
possible, I should say there are limits to the info one can glean from
one session, since the eventual appearance of a permission prompt if I
prod too narrowly, is a giveaway.
The hacker's problem is that
{ mandatory: {foo: true, width: 1600 } }
failing, doesn't mean with certainty that the user doesn't have that
resolution. So the only way to know for sure is to probe for "sets of
interest" directly, or probe single constraints.
That said, a site that gets repeat visits will eventually get a full
picture if they probe a different constraint each time, even if the user
never permits anything. That still seems wrong.
.: Jan-Ivar :.
Received on Tuesday, 19 November 2013 17:01:09 UTC