- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Thu, 19 Feb 2015 14:25:12 +0000
- To: "public-media-capture@w3.org" <public-media-capture@w3.org>
We have had 2 calls for consideration of related matter to this subject recently - the newest one is documented here: https://github.com/w3c/mediacapture-main/issues/127 The issue is this: If a getUserMedia request causes a permission prompt, should there be a way for the Javascript to cause that permission prompt to disappear after a while if it is not granted, cancelling the request? This has been discussed before, issues raised include: - Very short timeouts allow an attacker to do device querying without the user noticing. - Not having this ability means that prompts hang around until the relevant tab is closed. - For applications that have an "install/registration" phase, and where the request is served over HTTPS, and the platform supports "permit for all devices", the app can use stored permission to avoid a later permission prompt entirely except for exceptional cases (like when the user revokes permission). Our alternatives include: - Not doing anything, letting apps deal with the issues as described above, or living with it - Adding a timeout parameter to getUserMedia, which allows the prompt to fade away after a while - Adding a "cancel" mechanism wehre a the gUM promise can be resolved by the Javascript not the platform, leading to the prompt disappearing - Define this as a problem that we need to solve later - Something else What do people think? Harald -- Surveillance is pervasive. Go Dark.
Received on Thursday, 19 February 2015 14:25:44 UTC