Re: [mediacapture-main] No way to reliably choose correct camera & microphone upfront (#656)

What if instead of changing the API, we just state with more details what the prompt may/should/must  do?

We can say that the first step of getUserMedia() is to present a prompt that allows the user to select which devices the document is authorized to use. This selection remains valid for the rest of the session unless a device change is detected, so that no further prompts are needed.
getUserMedia() and enumerateDevices() should behave as if the authorized devices were the only ones that exist.

Authorizing all devices may be allowed in addition to allowing only a specific device. It may be possible to persist the permissions for a domain so that the prompt can be skipped in future sessions.

If the set of devices changes, the prompt appears again in the next getUserMedia call (unless the user gave permission to use all devices).

We would need to discuss more about the details, but I think this approach can address most of the privacy issues that have been presented without breaking existing applications and with only minimal changes to the API. In terms of implementation, current browsers would need to update their existing prompts to comply with some extra privacy requirements and make the corresponding changes in the set of visible devices for a given document.

Some of the behavior changes introduced by this approach are that enumerateDevices() would return an empty list if no devices have been previously authorized, and NotAllowedError would be replaced by NotFoundError. I think these changes should manageable by most existing applications.


-- 
GitHub Notification of comment by guidou
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/656#issuecomment-577769741 using your GitHub account

Received on Thursday, 23 January 2020 16:52:11 UTC