- From: Justin Uberti <juberti@google.com>
- Date: Thu, 12 Mar 2015 19:23:24 -0700
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, Anne van Kesteren <annevk@annevk.nl>, "public-media-capture@w3.org" <public-media-capture@w3.org>
- Message-ID: <CAOJ7v-1R=LD=U0t0iTgb5AWT1RmS87sH_kDdCqAFN7d5-d2nUQ@mail.gmail.com>
On Thu, Mar 12, 2015 at 4:57 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> On Thu, Mar 12, 2015 at 2:37 PM, Justin Uberti <juberti@google.com> wrote:
>
>> On Thu, Mar 12, 2015 at 12:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>> On Thu, Mar 12, 2015 at 3:48 AM, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com> wrote:
>>>
>>>> On 10/03/15 19:50, Justin Uberti wrote:
>>>> > I think we should follow the precedent that has been set for this sort
>>>> > of thing on mobile devices, namely that apps ask for consent the first
>>>> > time they need the camera, and this permission is stored, as mentioned
>>>> > in
>>>> > http://useyourloaf.com/blog/2014/07/16/ios-8-camera-privacy-settings.html.
>>>>
>>>> Personally I don't agree (more on why below), but my takeaway from that
>>>> is that we should perhaps leave the document as is since it is unlikely
>>>> that we would find consensus if we try to add more detail on the
>>>> behavior regarding stored permissions in a normative part of the spec.
>>>
>>> As I mentioned, we can't leave the documents as-is because the IETF
>>> document requires the W3C document to do something it doesn't do.
>>> We could leave the W3C document silent, but then we have to change
>>> the IETF document.
>>>
>>>> Why I don't agree: I think there is a difference between an installed
>>>> app and a web page. Installing an app is a much more conscious decision
>>>> than, there is (usually) an app store involved, and an app can be
>>>> uninstalled (of course you can revoke stored permissions - but that is
>>>> not as intuitive to the average user IMO).
>>>>
>>>> Moreover, it is quite easy to imagine sites to ask for access to camera
>>>> and microphone (e.g. get support during a purchase in a web shop) in
>>>> situations when you really like that access to be one time (I'd not like
>>>> that web shop to be able to use my camera next time I'm browsing its
>>>> pages).
>>>>
>>>> And https is a good thing, but not sufficient IMO. Most sites will move
>>>> there (and don't get me wrong: that is a good thing), so I'm not sure
>>>> that "served over https" always equals "well behaved" and in addition
>>>> not all of those sites will be professionally managed and could be
>>>> hacked. So my very personal opinion is that allowing any site (served
>>>> over https) to store permissions to use camera and microphone without my
>>>> explicit permission to do so is not right.
>>>
>>> Another argument against allowing HTTPS-only sites to be persistent
>>> without any user input is that it violates the principle of least
>>> astonishment.
>>
>> I don't see why this is astonishing, given that this is the interaction
>> model many users are used to from mobile.
>
> What's surprising is the difference between HTTP and HTTPS

True, although we're already planning on having gUM work differently (i.e. not at all) for HTTP
Received on Friday, 13 March 2015 02:24:16 UTC