W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2015

Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 29 Oct 2015 14:38:07 +0900
Message-ID: <CABcZeBMvzwMAV-qjEoaGEbxXVqNDc8ORxDXHG5Wx73gOF+p64w@mail.gmail.com>
To: Rigo Wenning <rigo@w3.org>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, Nick Doty <npdoty@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On Thu, Oct 29, 2015 at 2:30 PM, Rigo Wenning <rigo@w3.org> wrote:

> On Thursday 29 October 2015 12:03:06 Martin Thomson wrote:
> > Persistent for me is what Chrome does, or what Firefox does when you
> > pick the "Always" option.  Maybe you could explain what you think
> > persistent might mean other than that.
> AFAI understood ekr's email, Chrome is defaulting to asking once and never
> ask
> again. Is this right? He wrote: "Chrome's UI of just giving persistent
> permissions without a user prompt".

Yes, this is how Chrome behaves (assuming you are on HTTPS).

> If yes, then:
> I now start to understand by persistent, you mean "forever" and there it is
> simply unjustifiable depending on your cultural standpoint IMHO. So this
> seems
> to really look like a cheap lock from the outside. Click - fatique can
> certainly not be used to justify defaulting user to allow mic and camera
> and
> to persist that forever. Such a default benefits certain actors from users
> not
> understanding what is going on, on purpose? Chrome will create damage to
> people with this. There is no doubt about it. Remember the school that gave
> its pupils laptops and used the remote controlled Apple chat and locate
> application to spy into the pupils bedrooms? You are about to broadly open
> that door.

Who are you referring to with "You" here. The people you're talking to
(Martin and I) both work on Firefox, and we'd be more than happy for
Chrome to behave the way that Firefox does.

BTW, if you look into RFC 7478, it says in its browser considerations:
> ==
> The browser is expected to provide mechanisms for getting user consent to
> use
> device resources such as camera and microphone.
> ==
> Now tell me how is not asking the user getting you consent?

You did ask the user. The permission persists. The normative text
here is the security document, which specifically contemplates
persistent consent.

> But furthermore it says:
> ==
> The browser is expected to provide mechanisms for informing the user that
> device resources such as camera and microphone are in use ("hot").
> The browser must provide mechanisms for users to revise and even completely
> revoke consent to use device resources such as camera and microphone.
> ==

And as I said, both Chrome and Firefox already do these things.

Received on Thursday, 29 October 2015 05:39:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:31 UTC