Re: Offline webapps and speech UI from Bjorn Bringert on 2010-11-03 (public-xg-htmlspeech@w3.org from November 2010)

From: Bjorn Bringert <bringert@google.com>
Date: Wed, 3 Nov 2010 13:56:19 +0100
To: Olli@pettay.fi
Cc: public-xg-htmlspeech@w3.org
Message-ID: <AANLkTi=7iHyr901vvgjkeE0XX1oQ+KAJdhH8XLhVKnBo@mail.gmail.com>

I think that offline use is a good argument for the new requirements
that were discussed in the face-to-face meeting yesterday:

- User agents can refuse to use speech service implementations
specified by the web application. So in offline mode, the browser can
fall back to an embedded recognizer.

- If the user agent uses speech services specified by the web
application, the user must be informed.


/Bjorn

On Wed, Nov 3, 2010 at 10:13 AM, Olli Pettay <Olli.Pettay@helsinki.fi> wrote:
> Hi,
>
> I think there should a requirement to support speech UI
> in offline webapps.
> In practice that means local speech engines, so offline web apps
> may not support all kinds of speech interactions, but basic things
> could be possible.
>
>
> Another possible requirement is that webapps should not know the exact
> speech engine installed locally. I mean the vendor and version etc.
> There are few reasons for this; webapps should just work everywhere,
> no browser/speech engine specific hacks.
> Another reason is that by exposing the exact vendor/version, that would
> help hackers to attack against that particular system.
> (I assume many speech engines are written in C/C++ or in other unsafe
> languages and may not be fuzz tested properly. Well, implementation
> done in a memory safe language may still have other security bugs.
> I basically want to make a new attack vector a tiny bit harder for hackers.)
> Third reason would be to not add yet another way to fingerprint user.
>
>
> Also, if browser doesn't use local speech engines, user should know
> about it. But that might be something we can't require, but
> something which UA implementors need to take care of, since it affects
> also to the possible speech UI of the browser, not only webapps.
> (I don't want to send any speech data to random server without knowing it. )
>
>
> -Olli
>
>



-- 
Bjorn Bringert
Google UK Limited, Registered Office: Belgrave House, 76 Buckingham
Palace Road, London, SW1W 9TQ
Registered in England Number: 3977902

Received on Wednesday, 3 November 2010 12:56:52 UTC