Re: [mediacapture-main] Bug in spec: circular dependency for enumerateDevices() (#709)

> Are you trying to protect the user, even in cases where they have given their permission?

Yes, this is explained at https://github.com/w3c/mediacapture-main/issues/709#issuecomment-686409911.
Here is a more thorough example:
- Alice discovers a fun website and decides to create an account.
- Alice wants to upload her photo and grants getUserMedia access to the camera to take a selfie. Let's say Alice granted persistent permission by default like in Chrome or as opt-in.
- 10 days later, Alice goes back to the website.
- Without Alice providing any login, cookie or whatever information, the website can call enumerateDevices and will be able to know who Alice is (deviceId, labels, capabilities...).
- Without Alice being able to know about it, the website will be able to monitor some of her actions, like adding/removing cameras.

The spec change forbids this scenario and makes enumerateDevices much less useful for trackers.
The spec change keeps enumerateDevices useful for pages that want to call getUserMedia with the updates we talked about: use deviceId constraints in getUserMedia without first calling enumerateDevices to validate deviceId values.

-- 
GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/709#issuecomment-688868015 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 8 September 2020 13:32:09 UTC
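
The pattern the comment describes, passing a deviceId constraint to getUserMedia without first calling enumerateDevices to validate it, as an added example that is not part of the original message or the spec. The helper names, the storage key, and the injected `mediaDevices` and `storage` parameters are assumptions made for illustration; in a page they would be `navigator.mediaDevices` and `localStorage`.

```javascript
// Added example with hypothetical helper names. `mediaDevices` and `storage`
// are injected so the flow can also be exercised outside a browser.
const KEY = "preferredCameraId"; // assumed storage key

function cameraConstraints(savedId) {
  // No saved id: let the browser pick the default camera.
  return { video: savedId ? { deviceId: { exact: savedId } } : true };
}

async function openPreferredCamera(mediaDevices, storage) {
  const savedId = storage.getItem(KEY);
  let stream;
  try {
    // The saved id goes straight into the constraint, with no prior enumeration.
    stream = await mediaDevices.getUserMedia(cameraConstraints(savedId));
  } catch (err) {
    // A saved id that no longer matches a device surfaces as OverconstrainedError.
    if (!savedId || err.name !== "OverconstrainedError") throw err;
    storage.removeItem(KEY);
    stream = await mediaDevices.getUserMedia(cameraConstraints(null));
  }
  // Remember the device actually in use, read from the track itself.
  const id = stream.getVideoTracks()[0].getSettings().deviceId;
  if (id) storage.setItem(KEY, id);
  // Only now, with capture active, list devices for a picker UI.
  const devices = await mediaDevices.enumerateDevices();
  return { stream, cameras: devices.filter((d) => d.kind === "videoinput") };
}
```

The page never calls enumerateDevices before the user has started a capture, so it does not depend on the pre-capture device list that the spec change restricts.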