Re: [mediacapture-main] risk model of stored permissions and constraint opportunities (#991)

Thank you for calling attention to this! I agree websites have not responded adequately to this risk. Things I think might help: clearer spec guidance https://github.com/w3c/webappsec-permissions-policy/issues/547; calling them out on it; competition.

Where I disagree:

> In this case, I do trust Replit (they have my credit card), ... As a user, the unexpected gap in the trust model is that I have to trust everyone else creating content on Replit (not intuitive nor practical), ...

Maybe don't trust websites that create such gaps, and complain?

> the high cost/complexity of securing this trust the "right" way suggests it should be browser-side

That would be a regression. We tried this before https://github.com/w3c/webappsec-permissions-policy/issues/9. The idea of trusting iframes within a page was more confusing to most users, not less.

Think of what the prompt would say. Figma defines what a "figma plugin" is. Steam defines what a "game" is. You don't want browsers defining these things.

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/991#issuecomment-2097023908 using your GitHub account


Received on Monday, 6 May 2024 22:21:20 UTC