- From: Craig Spiezle <craigs@otalliance.org>
- Date: Mon, 31 Oct 2016 21:13:01 +0000
- To: Joseph Lorenzo Hall <joe@cdt.org>
- CC: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, "runnegar@isoc.org" <runnegar@isoc.org>, "tjwhalen@google.com" <tjwhalen@google.com>, "public-privacy@w3.org" <public-privacy@w3.org>
another scenario we are looking at are the ads which auto run video & audio.. effectively drive bys Sent from my iPhone > On Oct 31, 2016, at 1:33 PM, Joseph Lorenzo Hall <joe@cdt.org> wrote: > > (if an issue arises, happy to put them into github... staying here for > the moment) > > Heya, I took a look at this spec and had a question about the example > in the privacy considerations section: > > https://www.w3.org/TR/2016/WD-audio-output-20161014/#privacy-considerations > > There, is says, "Authorization is necessary because playing audio out > of a non-default device may be unexpected behavior to the user, and > may cause a nuisance. For example, suppose a user is in a library or > other quiet public place where she is using a laptop with system audio > directed to a USB headset. Her expectation is that the laptop’s audio > is private and she will not disturb others. If any Web application can > direct audio output through arbitrary output devices, a mischievous > website may play loud audio out of the laptop’s external speakers > without the user’s consent." > > The case I can think of at the moment (because it's happening on my > system right now!) is Spotify... we'll pretend through a browser UA > and not it's native app. Presumably, in typical use of a site like > spotify.com to play audio, the user quickly (within a few days) gives > permission (if needed) to spotify.com to output audio to external > speakers and any headsets they may use. So, certainly spotify.com > would be able to switch audio from one to the other (and from the > spec, it sounds like if the USB headset is removed an becomes > unavailalbe, the sinkId for the external speakers is likely to be > chosen in a non-paused state)? > > It might make sense to have that example be a bit more robust... for > example, you could describe the user listening to audio at foo.com on > USB headset and another tab at bar.com wants to direct audio ouput to > external speakers, perhaps to play an ultrasonic beacon code that > humans can't hear? (e.g., trying to signal across origins in different > tabs or something). > > Or maybe I have this wrong? best, Joe > > On Wed, Oct 19, 2016 at 9:24 AM, Stefan Håkansson LK > <stefan.lk.hakansson@ericsson.com> wrote: >> Dear Privacy Interest Group, >> >> The WebRTC Working Group and Device and Sensors Working Group are >> working toward publishing their Audio Output Devices API to Candidate >> Recommendation and are thus seeking review from a variety of groups on >> the document: >> https://www.w3.org/TR/2016/WD-audio-output-20161014/ >> >> We are particularly interested on feedback from the Privacy Interest >> Group on the impact on privacy (and the proposed mitigations) to the new >> ability to play sound on specific audio devices. >> >> We of course also welcome feedback on any other aspect of the >> specification. >> >> We would appreciate to receive feedback before November 11. We hope to >> transition request to Candidate Recommendation by the end of this year. >> >> If you have any comments, we prefer you submit them as Github issues: >> https://github.com/w3c/mediacapture-output/issues >> >> Alternatively, you can send your comments by email to >> public-mediacapture@w3.org. >> >> Thanks, >> >> For the WebRTC and DAS chairs, >> Stefan Hakansson >> >> > > > > -- > Joseph Lorenzo Hall > Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] > 1401 K ST NW STE 200, Washington DC 20005-3497 > e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key > Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 > > Tech Prom, CDT's Annual Dinner, is April 20, 2017! https://cdt.org/annual-dinner >
Received on Monday, 31 October 2016 21:13:43 UTC