[Bug 25245] Specify "access" in the context of getMediaDevices from bugzilla@jessica.w3.org on 2014-04-07 (public-media-capture@w3.org from April 2014)

From: <bugzilla@jessica.w3.org>
Date: Mon, 07 Apr 2014 15:57:56 +0000
To: public-media-capture@w3.org
Message-ID: <bug-25245-5753-mD8JYPiJ8A@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25245

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ian@hixie.ch

--- Comment #2 from Ian 'Hixie' Hickson <ian@hixie.ch> ---
This is a fingerprinting vulnerability (it provides previously-unavailable
unique bits to identify the user), and thus should be considered in a privacy
context.

This is a potential abuse vulnerability (combined with other APIs, it allows
the author to send content to remote speakers without the user's consent).

As a user, I would not want a Web page to be able to enumerate any devices I
have without my explicit opt-in.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

Received on Monday, 7 April 2014 15:57:57 UTC