[Bug 25985] WebCrypto should be inter-operable

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25985

--- Comment #20 from Boris Zbarsky <bzbarsky@mit.edu> ---
> detecting if you have a camera and microphone?

Because in practice people who want to use such a site always do.  And that's
because users know whether they have a camera and microphone and don't have the
expectation that they can do video chat without a camera or audio without a
microphone.

So place yourself in the user's shoes for a second.  You go to a website to do
chat, and it says "Can't do it, no microphone".  You either go "Oh, duh, I
forgot I was using my 5-year-old desktop", or you assume that either the site
or the browser is broken because the microphone is right there on your device
and works fine with all other applications.  Obviously sites and browsers have
incentive to not seem broken, so they work on properly detecting microphones
(in the case of browsers) and properly detecting microphone APIs (sites).  As a
result, the site can be fairly certain that telling the user "There is no
microphone" is pretty reasonable, because if there were one the browser would
expose it to the site and the site would see it.  Furthermore, it's even sanely
actionable: the user can plug in their external microphone, for that tiny
fraction of users who have a device without a built-in one, have an external
one, and use it, or grab a different device that has a microphone.

Alright, let's try this again with crypto.  A user goes to a site to,
hypothetically, see a movie whose watching involves crypto operations in some
way (if there are other obvious use cases that I should be considering here, I'd
appreciate a pointer; I'm told the movie use case does exist, though).  The
site wants to use an algorithm the user's browser doesn't support.  What is the
messaging the site shows the user?  It's obviously not going to be "Can't do
it, no RSASSA-PKCS1-v1_5 support" because the user's reaction will be to read
that out loud trying to make sense of it and then the user's significant other
will think the user is choking and try the Heimlich maneuver on them.  More
seriously, the site won't say that because from a typical user's point of view
that's a meaningless statement.  Even for users who sort of understand what it
means, it's really non-actionable.  

So the site will instead provide an actionable error message.  Chances are,
something like "You must be using Microsoft Internet Explorer 10.0 and Windows
7" to use this site (with possibly a different browser name/version and
different OS name/version, and maybe with a short list instead of a single
entry, but this will be the gist).  Unlike a lot of other such statements on
the web the statement might even be true, in the sense that Windows Vista and
Windows 8 might not have the exact algorithm the site is using, or whatever.

In some abstract sense, there is no difference between these two cases: in one
case the user grabs their tablet because it's got a camera and microphone, and
in the other case the user grabs their tablet because it's got the blessed
operating system and browser version on it.  However in terms of actual
perception by actual people I think you'd find they get a lot more pissed off
about "I can watch this movie on this website on my iPad but not my Android
phone" than they do about not being able to video chat on a phone because it
only has a backward-facing camera.  And that's because users know to get a
two-camera phone if they want to video chat, and that's part of the obvious
things people will tell you about a phone.  Whereas the exact list of crypto
algorithms the built-in browser on the phone supports... is not something
commonly advertised on the store shelf.

Received on Thursday, 5 June 2014 16:32:40 UTC