Re: [w3c/gamepad] Should fire events instead of using passive model (#4) from Florian Bösch on 2022-01-13 (public-webapps-github@w3.org from January 2022)

From: Florian Bösch <notifications@github.com>
Date: Thu, 13 Jan 2022 08:23:06 -0800
To: w3c/gamepad <gamepad@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/gamepad/issues/4/1012294149@github.com>
That local use of SSL is still unsolved is inexcusable.

On Thu, Jan 13, 2022, 15:30 Jim (JR) ***@***.***> wrote:

> Greetings!
> How to have your cake and eat it too with respect to gamepad security
>
> As I, and others mentioned above, have said, placing the gamepad behind
> what is essentially a security paywall, (real certificates are not
> inexpensive), will have two very bad effects:
>
>    1. It will, (in essence), eliminate any in-browser use of the gamepad
>    that's not based on a full-up static server on a real domain.
>       - (*i.e.* local devices such as the Jumbotron-type display
>       controller noted above, robotics, accessibility aids, etc.)
>    2. If a self-signed certificate is used, it will have the effect of
>    *reducing* the security of the context by encouraging people to ignore
>    certificate warnings.
>
> *Note:*  There is nothing that prevents a secure site from using a
> gamepad as a fingerprinting device, so the mere presence of a secure site
> does *NOT* guarantee the gamepad won't be used for fingerprinting.
>
> Conclusion 1:  Placing stuff behind a secure context is *NOT always the
> answer*
> Conclusion 2:  Placing stuff behind a secure context should *NOT be the
> first-choice, knee-jerk reaction* to a potential security/privacy issue.
> Conclusion 3:  The W3C group *should exhaust all other possibilities*
> before placing a feature - especially a hardware feature - behind a
> security paywall.
>
> ===============================
>
> Suggestion on how to solve the problems noted above:
>
>    - Make it a browser selectable hardware permission on a per-site basis
>    the same way other hardware, like the camera or microphone, are allowed
>    permission on a site-by-site basis.
>
> Viz.:
> There is a setting:  Allow gamepad [always | never | ask] which defaults
> to "ask"; placed with the other hardware permission settings within the
> browser's preferences.
>
> As a consequence of this setting the user can proactively either allow or
> disallow gamepad visibility to sites that wish to use it.
>
> Viz.:
>
>    1.
>
>    Site "x" is a hardware device using the gamepad, a robot, an
>    accessibility aid, or something similar that needs the gamepad but cannot
>    have a secure context.
>    - Site "x" attempts to use the gamepad - initially the gamepad request
>       is queued in the same manner any other hardware permission is queued.
>       - User gets a pop-up asking for permission to use the gamepad.
>       - User grants permission.
>       - Gamepad is made available to the site with option to remember
>       that choice.
>       - Note that the "must interact with the gamepad rule remains in
>       force.
>    2.
>
>    Site "y" has a "drive-by fingerprinter" installed that looks for a
>    gamepad.
>    - Everything occurs as noted above, except the user does *NOT* grant
>       permission.
>       - Site is not granted access to the gamepad, and - in fact - has no
>       idea that a gamepad may even exist.
>    3.
>
>    Note that *this does NOT depend on the security context* as secure
>    sites may be fingerprinters and insecure sites may not be.
>
> Therefore I respectfully suggest that the requirement for a secure context
> for gamepads be abandoned and as a replacement, require affirmative user
> permission to use it on a site-by-site basis with the option of remembering
> the choice for that site.
>
> What say ye?
>
> —
> Reply to this email directly, view it on GitHub
> <https://github.com/w3c/gamepad/issues/4#issuecomment-1012188769>, or
> unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAEQXOQY7LCCD6NQTGVH4OTUV3OYPANCNFSM4A7WJMYA>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
>
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/gamepad/issues/4#issuecomment-1012294149

You are receiving this because you are subscribed to this thread.

Message ID: <w3c/gamepad/issues/4/1012294149@github.com>
Received on Thursday, 13 January 2022 16:23:18 UTC