Re: [w3ctag/design-reviews] WebXR Raw Camera Access API (#652) from Piotr Bialecki on 2021-11-09 (public-webapps-github@w3.org from November 2021)

From: Piotr Bialecki <notifications@github.com>
Date: Mon, 08 Nov 2021 16:48:41 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/652/963710374@github.com>

> Hi @bialpio - has there been any activity on your end on additional privacy mitigations since we [spoke last week](https://github.com/w3ctag/meetings/blob/gh-pages/2021/telcons/10-25-minutes.md#raw-camera-access-api)?

Not yet, I still need to reach out internally to get some guidance from the UX team and Privacy team on how we could ensure we communicate that the camera is in use to the users. We'll likely postpone the OT until we have something that we can show to the developers (part of the reason for an OT is to also get feedback on the UX of the API, so it makes no sense to show something that we aren't sure is final).

> Another option (as well as the visual indicator) for alerting the user - and in particular other people in the vicinity whose privacy may unknowingly be compromised - could be to require a sound, in a similar why to how camera apps are required to make the shutter sound in certain jurisdictions.

This may be something worth exploring, although I imagine emitting a sound w/ some regular cadence for the entire duration of a session could get tiresome to the users. Are we worried that a malicious app would be able to drown this sound out? At least by doing it, it will be obnoxious to the bystanders.

> What other web platform APIs could be completely prohibited from use while the Raw Camera Access API is in use, without completely removing the utility of Raw Camera Access?

We'd need to lock down any kind of API that allows communication with the outside world (XHR, fetch(), maybe history?), and any kind of API that allows the app to persist state (local storage, session storage, file / filesystem?), otherwise, we're risking that whatever was extracted from the camera feed during XR session gets leaked to a server after the session has finished. We'd also need to clear the state of the script once the XR session has ended (so probably reload the site on session end).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/652#issuecomment-963710374

Received on Tuesday, 9 November 2021 00:48:54 UTC