Re: Discussion on authenticated origins (was Re: CfC: only allow authenticated origins to call getUserMedia)

On 08/10/14 16:02, Eric Rescorla wrote:
>     It is a very informed user consent, but I worry about http delivered
>     sites that are legit, with returning users. Each time they approve the
>     use of camera and microphone (because the app needs them for its
>     purpose), but the app may be compromised by a MITM that uses the tracks
>     generated for bad things in addition to the intended functionality.
> Yes. I didn't say it was necessarily wise (though in many cases it's
> fine). I said it was informed.

The question is then if we leave this decision to the end user (this is 
what we have now), or change to stop this in the design (with 
consequences of breaking existing apps etc. as Justin pointed out).

Received on Thursday, 9 October 2014 11:10:42 UTC