- From: hills via GitHub <sysbot+gh@w3.org>
- Date: Tue, 08 Sep 2020 15:31:05 +0000
- To: public-webrtc-logs@w3.org
> > And the actual privacy in the above hinges on the assumption that trackers "would not risk a prompt" (quoted from #697) to try for permissions. > > Either prompt or capture indicator. [...] > basically capture indicator will prevent trackers to try this approach No, not the capture indicator. Any software (malicious or otherwise) can call getUserMedia() and immediately close the stream == no capture indicator. It does not provide a counterpoint here. And let's not forget, the precondition to _all_ of this is that the site took the risk on the privacy prompt (making it is out of scope of the chosen definition of a "tracker"); and furthermore _the user granted that permission_. The completion of the permissions check is the point at which enumerateDevices() _should_ be allowed (with no adverse consequences), and if we can accept that then perhaps then... > There is no identified benefit to do that before step 3 after #717. ... the benefits of doing so will become relevant. But for now I agree to focus one one point at a time. -- GitHub Notification of comment by hills Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/709#issuecomment-688956715 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 8 September 2020 15:31:07 UTC