Re: [rtcweb] Conditions for long-term permissions grants

On Thu, Mar 12, 2015 at 2:37 PM, Justin Uberti <juberti@google.com> wrote:

>
>
> On Thu, Mar 12, 2015 at 12:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>>
>> On Thu, Mar 12, 2015 at 3:48 AM, Stefan HÃ¥kansson LK <
>> stefan.lk.hakansson@ericsson.com> wrote:
>>
>>> On 10/03/15 19:50, Justin Uberti wrote:
>>> > I think we should follow the precedent that has been set for this sort
>>> > of thing on mobile devices, namely that apps ask for consent the first
>>> > time they need the camera, and this permission is stored, as mentioned
>>> > in
>>> >
>>> http://useyourloaf.com/blog/2014/07/16/ios-8-camera-privacy-settings.html
>>> .
>>>
>>> Personally I don't agree (more on why below), but my takeaway from that
>>> is that we should perhaps leave the document as is since it is unlikely
>>> that we would find consensus if we try to add more detail on the
>>> behavior regarding stored permissions in a normative part of the spec.
>>>
>>
>> As I mentioned, we can't leave the documents as-is because the IETF
>> document requires the W3C document to do something it doesn't do.
>> We could leave the W3C document silent, but then we have to change
>> the IETF document.
>>
>>
>>
>>> Why I don't agree: I think there is a difference between an installed
>>> app and a web page. Installing an app is a much more conscious decision
>>> than, there is (usually) an app store involved, and an app can be
>>> uninstalled (of course you can revoke stored permissions - but that is
>>> not as intuitive to the average user IMO).
>>>
>>> Moreover, it is quite easy to imagine sites to ask for access to camera
>>> and microphone (e.g. get support during a purchase in a web shop) in
>>> situations when you really like that access to be one time (I'd not like
>>> that web shop to be able too use my camera next time I'm browsing its
>>> pages).
>>>
>>> And https is a good thing, but not sufficient IMO. Most sites will move
>>> there (and don't get me wrong: that is a good thing), so I'm not sure
>>> that "served over https" always equals "well behaved" and in addition
>>> not all of those sites will be professionally managed and could be
>>> hacked. So my very personal opinion is that allowing any site (served
>>> over https) to store permissions to use camera and microphone without my
>>> explicit permission to do so is not right.
>>>
>>
>> Another argument against allowing HTTPS-only sites to be persistent
>> without any user input is that it violates the principle of least
>> astonishment.
>>
>>
> I don't see why this is astonishing, given that this is the interaction
> model many users are used to from mobile.
>

What's surprising is the difference between HTTP and HTTPS

-Ekr


> I grant that there is some difference between web sites and installed
> apps, but whether this difference is significant enough to contraindicate
> persistence seems to be an open question.
>
> I could certainly imagine having some sort of "We'll remember this
> permission for you" notification after the permission grant.
>
>

Received on Thursday, 12 March 2015 23:58:16 UTC