[mediacapture-main] In-content device selection a mistake. Too complicated, leaks info (#652)

jan-ivar has just created a new issue for https://github.com/w3c/mediacapture-main:

== In-content device selection a mistake. Too complicated, leaks info ==
In hindsight, in-content device selection was a mistake. It's
 * **Too permissive**—assumes all devices granted up-front to work effectively (wo/reprompt)
 * **Too complicated**—having every site write a decent picker compatibly has been a failure:
    * Exhibit A: Changing camera **_or_** mic in [webrtc samples](https://webrtc.github.io/samples/src/content/devices/input-output/) re-prompts **_both_** in Firefox; flickers
    * Mobile devices typically can't open more than once device at a time ("stop-then-pick")
    * Stop-then-pick is an inferior user experience on desktops
    * Dealing with different browser permission models severely limits design (no previews)
 * **Leaks private info**—fails PING review https://github.com/w3c/mediacapture-main/issues/640
 * **Too limiting**—no path to privacy (can't avoid redundant re-prompts *after* user selection)

The PING outlines the way forward in https://github.com/w3c/mediacapture-main/issues/640#issuecomment-549540203:
> Privacy-by-default flow:
> 
> Initially site has access to no devices or device labels
> 
> 1. site asks for category (or categories) of device
> 2. browser prompts user for one, many or all devices
> 3. site gains access to only the device, and device label, of the hardware the user selects.

That's an in-chrome picker (_"in-chrome"_ = implemented in the browser). In-chrome pickers
 * **Are proven successful**—in [getDisplayMedia](https://jan-ivar.github.io/dummy/gdm.html)
 * **The way forward**—for speakers https://github.com/w3c/mediacapture-output/pull/86
 * **Remove the need to grant all devices** ❤️ 
 * **Let UAs solve mobile** platforms that can’t open multiple devices (mute temporarily)
 * **Let UAs solve camera previews** maybe even in a (non-creepy) Brady Bunch grid!

https://github.com/w3c/mediacapture-main/pull/644 is my proposal for reshaping `getUserMedia` to serve this need, as well as solve https://github.com/w3c/mediacapture-main/issues/648.

Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/652 using your GitHub account

Received on Monday, 16 December 2019 21:22:07 UTC