Re: [mediacapture-main] Bug in spec: circular dependency for enumerateDevices() (#709)

> Any software (malicious or otherwise) can call getUserMedia() and immediately close the stream == no capture indicator. It does not provide a counterpoint here.

No.
For instance, Chrome is adding a camera/microphone icon in its address bar if getUserMedia is called successfully, even after all tracks got stopped.
In general, capture indicators should at all costs prevent an attacker from capturing even a very small number of images or short audio samples without the user being able to notice it.
I agree the spec could add more guidance about how much indicators should stay live so that a reasonably-observant user will notice them. Note also that a getUserMedia call requires the page to have focus so the capture indicators will be visible.

> And let's not forget, the precondition to _all_ of this is that the site took the risk on the privacy prompt

No.
The web site can use the permission API to know whether a user will be prompted or not.
The prompt mitigation may not work in all configurations.

-- 
GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/709#issuecomment-688984572 using your GitHub account

Received on Tuesday, 8 September 2020 16:14:07 UTC