W3C home > Mailing lists > Public > public-media-capture@w3.org > October 2013

Re: Proposed new text for noaccess

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 29 Oct 2013 11:04:37 -0700
Message-ID: <CABkgnnXjOttdW8MYj0C4O7LgpevKMRWuvrTC0NKOX1NrPbbicw@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 29 October 2013 04:45, Harald Alvestrand <harald@alvestrand.no> wrote:
> If a stream is opened "noaccess", and the site changes it to "full", and
> then immediately back to "noaccess", the site can get a picture of the
> user without the user noticing anything, even if he watches the
> indicator that says whether he's authorized outgoing video or not.

That scenario smells more like conspiracy theory than a genuine
attack, if you ask me.  If you are on the whitelist, then this sort of
posturing isn't necessary.  This aggressor can also open a separate,
unconstrained stream that doesn't display in a <video> tag.

> Can you write up a complete
> use case where you will want to use the "noaccess" constraint

"Hair Check"

A real-time application provides users with the ability to check what
is being displayed on the camera prior to granting consent for use of
the camera.  (The same applies to use of a microphone.)
Received on Tuesday, 29 October 2013 18:05:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:20 UTC