W3C home > Mailing lists > Public > public-media-capture@w3.org > March 2015

Re: [rtcweb] Conditions for long-term permissions grants

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 12 Mar 2015 12:06:46 -0700
Message-ID: <CABcZeBNjHpADNLXTL3bub4nv8p=z218EsMQy=UKOUud817vpgA@mail.gmail.com>
To: Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>
Cc: Justin Uberti <juberti@google.com>, Anne van Kesteren <annevk@annevk.nl>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On Thu, Mar 12, 2015 at 3:48 AM, Stefan HÃ¥kansson LK <
stefan.lk.hakansson@ericsson.com> wrote:

> On 10/03/15 19:50, Justin Uberti wrote:
> > I think we should follow the precedent that has been set for this sort
> > of thing on mobile devices, namely that apps ask for consent the first
> > time they need the camera, and this permission is stored, as mentioned
> > in
> >
> http://useyourloaf.com/blog/2014/07/16/ios-8-camera-privacy-settings.html.
>
> Personally I don't agree (more on why below), but my takeaway from that
> is that we should perhaps leave the document as is since it is unlikely
> that we would find consensus if we try to add more detail on the
> behavior regarding stored permissions in a normative part of the spec.
>

As I mentioned, we can't leave the documents as-is because the IETF
document requires the W3C document to do something it doesn't do.
We could leave the W3C document silent, but then we have to change
the IETF document.



> Why I don't agree: I think there is a difference between an installed
> app and a web page. Installing an app is a much more conscious decision
> than, there is (usually) an app store involved, and an app can be
> uninstalled (of course you can revoke stored permissions - but that is
> not as intuitive to the average user IMO).
>
> Moreover, it is quite easy to imagine sites to ask for access to camera
> and microphone (e.g. get support during a purchase in a web shop) in
> situations when you really like that access to be one time (I'd not like
> that web shop to be able too use my camera next time I'm browsing its
> pages).
>
> And https is a good thing, but not sufficient IMO. Most sites will move
> there (and don't get me wrong: that is a good thing), so I'm not sure
> that "served over https" always equals "well behaved" and in addition
> not all of those sites will be professionally managed and could be
> hacked. So my very personal opinion is that allowing any site (served
> over https) to store permissions to use camera and microphone without my
> explicit permission to do so is not right.
>

Another argument against allowing HTTPS-only sites to be persistent
without any user input is that it violates the principle of least
astonishment.

-Ekr
Received on Thursday, 12 March 2015 19:07:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:32 UTC