
Re: Proposed new text for noaccess

From: Harald Alvestrand <harald@alvestrand.no>
Date: Tue, 29 Oct 2013 12:45:22 +0100
Message-ID: <526F9FD2.5010006@alvestrand.no>
To: Martin Thomson <martin.thomson@gmail.com>, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>

On 10/28/2013 06:34 PM, Martin Thomson wrote:
> On 28 October 2013 10:30, Stefan Håkansson LK
> <stefan.lk.hakansson@ericsson.com> wrote:
>> Do we really think that the average user would be able to understand
>> different levels of (essentially) access to a camera or microphone?
> That's not something that I can answer at this current moment.  It
> probably depends a great deal on how the question is presented.
>
>> And with the current UIs, would we not get to a click through behavior?
>> E.g. the site first asks for "peeridentity"-access, the user clicks
>> "accept", the site upgrades and the user gets a new prompt and does not
>> read/understand the difference and just clicks accept again?
> Given the proposed state machine, I don't see there ever being a case
> where the user gets two prompts.  That is, unless the site is playing
> games with them.  I can think of several ways to discourage bad
> behaviour like that if it comes to that.

Martin, I think I understand what you are getting at now - the
"noaccess" constraint is something one would use to wire up the streams
and devices while delaying the prompt to the user for permission to a
point where it's appropriate to do so.
This would also mean that probing the identity of the user's devices for
fingerprinting purposes needs to be defined as "not a problem" - since
with "noaccess", he can do all that probing without ever triggering a
user prompt.

One case that worries me is the case where a site says "look, all the
streams I request are noaccess, you can trust me", and then somehow gets
whitelisted.

If a stream is opened "noaccess", and the site changes it to "full", and
then immediately back to "noaccess", the site can get a picture of the
user without the user noticing anything, even if he watches the
indicator that says whether he's authorized outgoing video or not.

I think I'll repeat what I asked earlier: Can you write up a complete
use case where you will want to use the "noaccess" constraint, so that
we can see what it does, and why it's beneficial to the scenario?

Harald



-- 
Surveillance is pervasive. Go Dark.
Received on Tuesday, 29 October 2013 11:45:59 UTC
