Re: Proposed new text for noaccess

On 29 October 2013 04:45, Harald Alvestrand <harald@alvestrand.no> wrote:
> If a stream is opened "noaccess", and the site changes it to "full", and
> then immediately back to "noaccess", the site can get a picture of the
> user without the user noticing anything, even if he watches the
> indicator that says whether he's authorized outgoing video or not.

That scenario smells more like conspiracy theory than a genuine
attack, if you ask me.  If you are on the whitelist, then this sort of
posturing isn't necessary.  This aggressor can also open a separate,
unconstrained stream that doesn't display in a <video> tag.

> Can you write up a complete
> use case where you will want to use the "noaccess" constraint

"Hair Check"

A real-time application provides users with the ability to check what
is being displayed on the camera prior to granting consent for use of
the camera.  (The same applies to use of a microphone.)

Received on Tuesday, 29 October 2013 18:05:05 UTC