- From: Julien Cayzac <julien.cayzac@gmail.com>
- Date: Tue, 4 May 2010 11:37:44 +0900
(forgot to do a Reply to all on this one. Sorry, Anne, for the duplicate) On Tue, May 4, 2010 at 11:13 AM, Anne van Kesteren <annevk at opera.com> wrote: > What is the model for protecting user privacy here? It was in my message: "in both cases the browser should notify the user the page is requesting permission to access these devices". The same is done today with the geolocation feature, for instance. The user has to give access permission to the page, in a browser-dependent way. > Large part of the motivation for something like the <device> element is that > the user is actively involved in giving the website the ability to access > the user's camera stream and use it. (E.g. manipulate it through <canvas> or > transmit it over the wire using WebSocket.) I am not sure if I get your point here: are you saying that using the webcam locally in a canvas and somehow transmitting the webcam video over the network are two independent permissions to grant? If so, how would you detect the latter, since by allowing the page to manipulate the video in <canvas> you would give it permission to use toDataURL() too, so it could still transmit frames to the server or to other party if a ConnectionPeer is involved? Julien. -- Julien Cayzac http://julien.cayzac.name/ skype://jcayzac?chat
Received on Monday, 3 May 2010 19:37:44 UTC