- From: Piotr Bialecki <notifications@github.com>
- Date: Wed, 08 Sep 2021 11:06:51 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/652/915456615@github.com>
> I'm thinking especially of the cases where an application is designed to perform a certain function (e.g. you're at a restaurant and you scan a QR code to bring you to a web app that allows you to draw funny ears or hats on people's faces) that requires facial recognition and therefore raw camera, but then uses that same facial recognition data for a secondary use contrary to the user's expectations (e.g. correlating that info with other facial recognition info to build up a list of people who were with you at the table for sale to 3rd parties). Yes, that is unfortunately correct. One thing to note is that the scenario you are describing is already possible on the web, without WebXR's Raw Camera Access API in the picture at all, so by introducing it, I don't believe we're weakening the platform. > Beyond permissions, it really feels to me like there needs to be some additional drawbacks for use of this API that would encourage developers to use the privacy-preserving WebXR AR APIs instead unless the really need Raw Camera access. Have you considered this approach in the working group? I don't believe we had such discussions within the working group. Do you have specific examples of how could that work? I worry that introducing artificial drawbacks could cause the feature to be unusable, so we need to make sure we strike the right balance here. Currently, the main limitation of the API that I'd argue falls into the "drawbacks" category is a requirement for the camera texture to align with an XRView - as a consequence, the camera texture has a more narrow field of view compared to the image that the site could get using `getUserMedia()` APIs, & users have clear visual feedback on what exactly is shared with the site because the same texture is displayed to them (this could be suppressed by a malicious app rendering opaque object across the entire viewport though). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/652#issuecomment-915456615
Received on Wednesday, 8 September 2021 18:07:03 UTC