On Friday 23 October 2015 16:29:42 Eric Rescorla wrote: > In fact the RTCWEB Security Architecture documents used to require that > the site opt-in to persistent permissions and there was strong consensus > to remove that requirement precisely because browsers weren't interested > in implementing it. We are repeating the geolocation experience where (mostly US-policy inspired) browsers were saying that they would only implement a one time a permission request to use your location and they would never ask again. My remark that the European Law here requires a permanent beacon to be shown as long as one is located was met with rather violent opposition and the requirement didn't make it into the Specification. But at the end of the day, everybody implemented the constant beacon as they wanted to ship in Europe. I predict that if browsers do one time requests on WebRTC and it isn't a legal requirement yet in Europe to easily revoke it, it will become a legal requirement quickly. And this legal requirement will certainly be worse than doing it right in the first place. So while there may be an interest to benefit from the weak protections in some intermediate time, the refusal to implement will not be sustainable on the long run. It actually adds to the transatlantic unease. What is the gain to justify such important tradeoffs? --RigoReceived on Wednesday, 28 October 2015 23:51:30 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:34 UTC