- From: Reilly Grant via GitHub <sysbot+gh@w3.org>
- Date: Tue, 28 Apr 2020 23:16:31 +0000
- To: public-webrtc-logs@w3.org
> We have precedent in Chrome for delaying an automatic reply to a permission request to prevent deducing user state (in particular, notification permission requests in incognito). We can use that same approach here, if deemed necessary. Is the concern that this would help with fingerprinting users? I'm not very familiar with the media API so I'm not entirely sure how big the fingerprinting surface is already without PTZ and how much PTZ adds. Delaying the automatic reply would resolve the fingerprinting concern but would mean a poor user experience as I am imagining the prompt would be displayed from an "enable PTZ" button in the site UI. The best user experience when clicking this button would be for it to change to a "Not supported by your device." state which requires letting the site know that the device does not support the capability, not that the user "denied" the prompt (but really they never saw it). > On the other hand, presenting a user with a prompt for a capability they do not have seems like an unnecessary cognitive load, probably confusing and also different than how all other permissions work (you don't get camera prompts if you don't actually have a camera for example) and something that I would like to avoid if at all possible. I wasn't aware that that was the case for general camera permission. In that case it may be reasonable to provide the PTZ constraint information before permission is requested. We should discuss this with the privacy reviewers. -- GitHub Notification of comment by reillyeon Please view or discuss this issue at https://github.com/w3c/mediacapture-image/issues/223#issuecomment-620903525 using your GitHub account
Received on Tuesday, 28 April 2020 23:16:33 UTC