- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 29 Oct 2013 11:04:37 -0700
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 29 October 2013 04:45, Harald Alvestrand <harald@alvestrand.no> wrote: > If a stream is opened "noaccess", and the site changes it to "full", and > then immediately back to "noaccess", the site can get a picture of the > user without the user noticing anything, even if he watches the > indicator that says whether he's authorized outgoing video or not. That scenario smells more like conspiracy theory than a genuine attack, if you ask me. If you are on the whitelist, then this sort of posturing isn't necessary. This aggressor can also open a separate, unconstrained stream that doesn't display in a <video> tag. > Can you write up a complete > use case where you will want to use the "noaccess" constraint "Hair Check" A real-time application provides users with the ability to check what is being displayed on the camera prior to granting consent for use of the camera. (The same applies to use of a microphone.)
Received on Tuesday, 29 October 2013 18:05:05 UTC