W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2013

Re: Proposed new text for noaccess

From: Harald Alvestrand <harald@alvestrand.no>
Date: Tue, 29 Oct 2013 12:45:22 +0100
Message-ID: <526F9FD2.5010006@alvestrand.no>
To: Martin Thomson <martin.thomson@gmail.com>, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 10/28/2013 06:34 PM, Martin Thomson wrote:
> On 28 October 2013 10:30, Stefan Håkansson LK
> <stefan.lk.hakansson@ericsson.com> wrote:
>> Do we really think that the average user would be able to understand
>> different levels of (essentially) access to a camera or microphone?
> That's not something that I can answer at this current moment.  It
> probably depends a great deal on how the question is presented.
>> And with the current UIs, would we not get to a click through behavior?
>> E.g. the site first asks for "peeridentity"-access, the user clicks
>> "accept", the site upgrades and the user gets a new prompt and does not
>> read/understand the difference and just clicks accept again?
> Given the proposed state machine, I don't see there ever being a case
> where the user gets two prompts.  That is, unless the site is playing
> games with them.  I can think of several ways to discourage bad
> behaviour like that if it comes to that.

Martin, I think I understand what you are getting at now - the
"noaccess" constraint is something one would use to wire up the streams
and devices while delaying the prompt to the user for permission to a
point where it's appropriate to do so.
This would also mean that probing the identity of the user's devices for
fingerprinting purposes needs to be defined as "not a problem" - since
with "noaccess", he can do all that probing without ever triggering an
user prompt.

One case that worries me is the case where a site says "look, all the
streams I request are noaccess, you can trust me", and then somehow gets

If a stream is opened "noaccess", and the site changes it to "full", and
then immediately back to "noaccess", the site can get a picture of the
user without the user noticing anything, even if he watches the
indicator that says whether he's authorized outgoing video or not.

I think I'll repeat what I asked earlier: Can you write up a complete
use case where you will want to use the "noaccess" constraint, so that
we can see what it does, and why it's beneficial to the scenario?


Surveillance is pervasive. Go Dark.
Received on Tuesday, 29 October 2013 11:45:59 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:20 UTC