Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations

On Thu, Oct 29, 2015 at 8:51 AM, Rigo Wenning <> wrote:

> On Friday 23 October 2015 16:29:42 Eric Rescorla wrote:
> > In fact the RTCWEB Security Architecture documents used to require that
> > the site opt-in to persistent permissions and there was strong consensus
> > to remove that requirement precisely because browsers weren't interested
> > in implementing it.
> We are repeating the geolocation experience where (mostly US-policy
> inspired)
> browsers were saying that they would only implement a one time a permission
> request to use your location and they would never ask again.

I'm not saying that. In fact, I've said several times that Firefox does the

My remark that the European Law here requires a permanent beacon to be shown
> as long as one is located was met with rather violent opposition and the
> requirement didn't make it into the Specification. But at the end of the
> day,
> everybody implemented the constant beacon as they wanted to ship in Europe.

Chrome and Firefox already show an indicator like this for gUM.

> I predict that if browsers do one time requests on WebRTC and it isn't a
> legal
> requirement yet in Europe to easily revoke it, it will become a legal
> requirement quickly.

Both Chrome and Firefox offer easy revocation.

> And this legal requirement will certainly be worse than
> doing it right in the first place. So while there may be an interest to
> benefit from the weak protections in some intermediate time, the refusal to
> implement will not be sustainable on the long run. It actually adds to the
> transatlantic unease. What is the gain to justify such important tradeoffs?

Your basic assumptions about what how browsers behave appear not
to be accurate.


Received on Wednesday, 28 October 2015 23:56:04 UTC