- From: Greg Norcie <gnorcie@cdt.org>
- Date: Fri, 30 Oct 2015 09:14:51 -0400
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, Eric Rescorla <ekr@rtfm.com>, Rigo Wenning <rigo@w3.org>, Martin Thomson <martin.thomson@gmail.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, Mathieu Hofman <Mathieu.Hofman@citrix.com>, Nick Doty <npdoty@w3.org>, public-media-capture@w3.org
- Message-ID: <CAMJgV7ZLR+QVGmaC7XsE+6QDm=AwxsCrsxsawBOs1+ZVXVg-rA@mail.gmail.com>
Crazy idea: Maybe we could take a page from DRM encumbered media? Services like Netflix and Pandora will ask you to confirm you're still listening/watching after some period of time. (30-60 minutes) of use. On Thu, Oct 29, 2015 at 6:55 PM, Harald Alvestrand <harald@alvestrand.no> wrote: > On 10/29/2015 04:29 PM, Mike O'Neill wrote: > > So what would be a reasonable default, somewhere between a few hours and > eternity? > > > If it's easy to discover that the permission has been given and revoke it, > I don't see a problem with "lifetime of browser profile" (which is slightly > shorter than "eternity"). > > In addition to the revocation available through the camera icon, Chrome > has implemented clearing all permissions if an user clears cookies for a > domain; the assumption is that if the user clears cookies, he's likely to > want all relationships with that domain to "start from zero". > > > > > > Mike > > > > > > *From:* Eric Rescorla [mailto:ekr@rtfm.com <ekr@rtfm.com>] > *Sent:* 29 October 2015 07:17 > *To:* Mike O'Neill <michael.oneill@baycloud.com> > <michael.oneill@baycloud.com> > *Cc:* Rigo Wenning <rigo@w3.org> <rigo@w3.org>; Martin Thomson > <martin.thomson@gmail.com> <martin.thomson@gmail.com>; public-privacy > (W3C mailing list) <public-privacy@w3.org> <public-privacy@w3.org>; > Mathieu Hofman <Mathieu.Hofman@citrix.com> <Mathieu.Hofman@citrix.com>; > Harald Alvestrand <harald@alvestrand.no> <harald@alvestrand.no>; Nick > Doty <npdoty@w3.org> <npdoty@w3.org>; public-media-capture@w3.org > *Subject:* Re: Comments/Questions on Media Capture Streams – Privacy and > Security Considerations > > > > There's really not much point in having a a persistent permission for > camera > > and microphone that is measured in hours, because that means that the > > vast majority of times when people want to use these devices (like one > > video call every day or two) they will be prompted for permission. > > > > -Ekr > > > > > > On Thu, Oct 29, 2015 at 4:08 PM, Mike O'Neill < > <michael.oneill@baycloud.com>michael.oneill@baycloud.com> wrote: > > Even when there is a visual indication people can miss it or not understand > what it is . Given the sensitivity of having a "hot" mike/camera, > persistent > permissions should also have an expiry so even if people are unaware of > them > they will not be there for perpetuity. > > In general all permissions should have an expiry in my view, with the > duration reported when the permission is requested. (i.e. this should be > part of the permissions API, not just MediaCapture). Those that are less > sensitive may have a longer duration but MediaCapture should be relatively > short (hours?). > > > Mike > > > > -----Original Message----- > From: Rigo Wenning [mailto: <rigo@w3.org>rigo@w3.org] > Sent: 29 October 2015 06:52 > To: Eric Rescorla < <ekr@rtfm.com>ekr@rtfm.com> > Cc: Martin Thomson < <martin.thomson@gmail.com>martin.thomson@gmail.com>; > public-privacy (W3C mailing > list) <public-privacy@w3.org>; Mathieu Hofman <Mathieu.Hofman@citrix.com>; > Harald Alvestrand < <harald@alvestrand.no>harald@alvestrand.no>; Nick > Doty <npdoty@w3.org>; > public-media-capture@w3.org > Subject: Re: Comments/Questions on Media Capture Streams – Privacy and > Security Considerations > > On Thursday 29 October 2015 15:37:12 Eric Rescorla wrote: > > On Thu, Oct 29, 2015 at 3:35 PM, Rigo Wenning <rigo@w3.org> wrote: > > > On Thursday 29 October 2015 15:04:05 Eric Rescorla wrote: > > > > Chrome and Firefox do both of the two things listed in this quoted > block > > > > > > > > 1. Inform the user that the devices are hot. > > > > > > Ok, in this case I can understand that if one has a visual indication > that > > > mic > > > and camera are "on" the need for an additional prompt is somewhat moot. > > > > > > > 2. Provide mechanisms for revoking consent. > > > > > > This is then a question of usability. Is clicking on the visual > indication > > > allowing to revoke the consent/permission? > > > > Yes, generally. > > In this case, my earlier criticism was based on insufficient information. I > think this does what it is supposed to do. I still think that persistent > (forever) permissions are a mistake. But this is mitigated by the fact that > the browser indicates when mic and camera are "on". > > --Rigo > > > > > > -- > Surveillance is pervasive. Go Dark. > > -- /***********************************/ *Greg Norcie (norcie@cdt.org <norcie@cdt.org>)* *Staff Technologist* *Center for Democracy & Technology* 1634 Eye St NW Suite 1100 Washington DC 20006 (p) 202-637-9800 PGP: http://norcie.com/pgp.txt Fingerprint: 73DF-6710-520F-83FE-03B5 8407-2D0E-ABC3-E1AE-21F1 /***********************************/
Received on Friday, 30 October 2015 13:15:40 UTC