Re: [rtcweb] ICE exposes 'real' local IP to javascript

Den 05. feb. 2015 07:39, skrev Bjoern Hoehrmann:
> * Harald Alvestrand wrote:
>> On 02/03/2015 06:15 PM, Roman Shpount wrote:
>>> The thing I was wondering about was, should there be a confirmation
>>> dialog when browser tries to setup any type of peer-to-peer
>>> connection? We get a confirmation dialog when microphone or camera
>>> access is requested. I think setting up a peer-to-peer connection is
>>> something that should be controlled by the user on the per web site
>>> basis in the similar manner.
>>
>> We have discussed this before, and concluded that a confirmation dialog
>> makes no more sense than having a confirmation dialog for performing an
>> XHR request or opening a Websocket - neither of which requires
>> confirmation dialogs today.
> 
> Neither of those disclose information not otherwise available to random
> web sites, so that is not a valid comparison.
> 

"Not otherwise" is a misnomer here. They expose a ton of information
(think HTTP headers), but the information they expose is inherent in
providing the functionality they do provide. The reason we don't think
of them as such is because we've become used to that information being
provided.

The question before us is whether or not the disclosure of information
is an appropriate tradeoff in providing the service it's needed for.

Received on Thursday, 5 February 2015 07:28:33 UTC