On Thu, Oct 29, 2015 at 8:51 AM, Rigo Wenning <rigo@w3.org> wrote: > On Friday 23 October 2015 16:29:42 Eric Rescorla wrote: > > In fact the RTCWEB Security Architecture documents used to require that > > the site opt-in to persistent permissions and there was strong consensus > > to remove that requirement precisely because browsers weren't interested > > in implementing it. > > We are repeating the geolocation experience where (mostly US-policy > inspired) > browsers were saying that they would only implement a one time a permission > request to use your location and they would never ask again. > I'm not saying that. In fact, I've said several times that Firefox does the opposite. My remark that the European Law here requires a permanent beacon to be shown > as long as one is located was met with rather violent opposition and the > requirement didn't make it into the Specification. But at the end of the > day, > everybody implemented the constant beacon as they wanted to ship in Europe. > Chrome and Firefox already show an indicator like this for gUM. > I predict that if browsers do one time requests on WebRTC and it isn't a > legal > requirement yet in Europe to easily revoke it, it will become a legal > requirement quickly. Both Chrome and Firefox offer easy revocation. > And this legal requirement will certainly be worse than > doing it right in the first place. So while there may be an interest to > benefit from the weak protections in some intermediate time, the refusal to > implement will not be sustainable on the long run. It actually adds to the > transatlantic unease. What is the gain to justify such important tradeoffs? Your basic assumptions about what how browsers behave appear not to be accurate. -Ekr
Received on Wednesday, 28 October 2015 23:56:04 UTC