On Mon, Jun 2, 2014 at 4:46 PM, cowwoc <cowwoc@bbs.darktech.org> wrote:
> On 02/06/2014 6:22 PM, Martin Thomson wrote:
>
>> On 2 June 2014 15:19, cowwoc <cowwoc@bbs.darktech.org> wrote:
>>
>>> I'll flip this on its head: why do you want to deny permissions when the
>>> page is reloaded? What are you protecting the user from? :)
>>>
>> You. And everyone like you who think that the camera is theirs.
>>
>
> Again, what attack vector are you actually protecting the user from?
>
This is covered extensively in the security drafts.
> This is equivalent to asking users of gmail.com to re-authenticate every
> time they navigate to a different email or reload the page. It's just silly
> and not grounded in security.
>
If you want to not have that, then use HTTPS and ask for persistent
permissions.
-Ekr
> We're building software for human beings, not machines! :)
>
> Gili
>
>