- From: cowwoc <cowwoc@bbs.darktech.org>
- Date: Thu, 26 Sep 2013 02:36:40 -0400
- To: Kiran Kumar <g.kiranreddy4u@gmail.com>
- CC: Anne van Kesteren <annevk@annevk.nl>, "public-media-capture@w3.org" <public-media-capture@w3.org>, Harald Alvestrand <harald@alvestrand.no>, Robert O'Callahan <robert@ocallahan.org>, Martin Thomson <martin.thomson@gmail.com>
- Message-ID: <5243D5F8.2030403@bbs.darktech.org>
Kiran,
It doesn't make sense to treat this differently from other browser
features (such as saved form fields) which assume one user per Windows
account. I consider the caching of credit card information to be much
more sensitive than whether an application has access to my webcam.
Whatever policy we take, it should be consistent across the board.
Gili
On 26/09/2013 12:56 AM, Kiran Kumar wrote:
> Gili,
>
> At-least for me, this solution seems to be problematic regarding
> security considerations.
>
> I suggest one modification to avoid this problem, that is, for every
> time I open the same application, browser should prompt the existing
> permissions (instead of just reviewAllpermissions option), and should
> give facility to change them or continue with them. (This is just an
> overview, of-course still I have to think more deeper into this
> problem by analyzing various other scenarios too).
>
> Thanks,
> Kiran.
>
>
> On Wed, Sep 25, 2013 at 6:07 PM, cowwoc <cowwoc@bbs.darktech.org
> <mailto:cowwoc@bbs.darktech.org>> wrote:
>
> Kiran,
>
> I assume you're referring to Windows. Under Windows, if your
> wife logs in under the same user account as you then for all
> intensive purposes she *is* you. If she wants separate permissions
> then she should use her own user account (which is preferable
> since she will get her own list of bookmarks, saved passwords, etc).
>
> Gili
>
>
> On 25/09/2013 1:00 AM, Kiran Kumar wrote:
>> Hi Gili,
>>
>> I have a doubt here, which requires some clarification for your
>> (hybrid) proposal,
>>
>> "Browser caches the permissions for some particular website to
>> use the same permissions for the next time", my doubt in this
>> statement is,
>> If I open a website and gave permission to access my camera,
>> after some time if my wife want to open the same app in the same
>> computer/mobile, where she don't want to give permission to the
>> camera. Chances are there for providing permissions to camera
>> unknowingly.
>>
>> I don't know whether I understood it correctly or is there any
>> misunderstanding,
>>
>> Thanks,
>> Kiran.
>>
>>
>>
>> On Tue, Sep 24, 2013 at 3:36 AM, Martin Thomson
>> <martin.thomson@gmail.com <mailto:martin.thomson@gmail.com>> wrote:
>>
>> I tend to agree with this conclusion. That said, the guidance
>> I've received indicates that this is a little better
>> understood than Anne suggests. That guidance is pretty clear:
>> it is not currently a good idea to talk to users about
>> fingerprinting risks, no matter how the question is
>> formulated. But times, and people, change, so putting this
>> side for now seems wise.
>>
>> On Sep 24, 2013 7:55 AM, "Anne van Kesteren"
>> <annevk@annevk.nl <mailto:annevk@annevk.nl>> wrote:
>>
>> On Mon, Sep 23, 2013 at 1:17 AM, Harald Alvestrand
>> <harald@alvestrand.no <mailto:harald@alvestrand.no>> wrote:
>> > Adding directly the 3 people who I think you have to
>> convince explicitly.
>>
>> I think we need to revisit this at some point in a more
>> general
>> context. I think being able to indicate somehow
>> (declarative maybe,
>> manifest) what you need and having success/failure for
>> these as the
>> user starts using the respective features (or you might
>> grant a few if
>> the user bookmarks the app) might make sense.
>>
>> I don't think we're quite there yet though in fully
>> understanding what
>> an app on the web is. It's fine to experiment, but too
>> soon to
>> standardize.
>>
>>
>> --
>> http://annevankesteren.nl/
>>
>>
>
>
Received on Thursday, 26 September 2013 06:37:29 UTC