This repository has been archived by the owner on Jul 30, 2019. It is now read-only.
Privacy concern with capture attribute #1457
Comments
LJWatson
added a commit
that referenced
this issue
Jun 20, 2018
This was referenced Jun 20, 2018
LJWatson
added a commit
that referenced
this issue
Jun 20, 2018
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Originally filed by email from Nick Doty, in response to a wide review request to the Privacy IG.
There are some nice privacy advantages to using this model of user-directed input for camera access and it's nice to see that reflected in the HTML spec.
The capture attribute is defined in the html-media-capture specification. Implementors should note the requirements on user agents defined in that
specification have security and privacy implications.
The grammar is a little ambiguous here, but it sounds like this is intended to parse as "implementors should note
thatthe requirements on user agentshave security and privacy implications".
The Media Capture spec's Security and privacy considerations section is non-normative; it explicitly doesn't add those as normative requirements on the
UA. Perhaps it should; the advice about stripping invisible, sensitive metadata (the example is EXIF data, which might include geolocation) seems especially
important.
There are privacy implications to other requirements in that spec. For example, the UA is forbidden from saving captured media to storage, which seems
like a privacy advantage, although I could imagine some abuse or violation of user preferences from that requirement.
Is this just a general reminder to implementers that they should consider security and privacy when implementing this other specification? Could we provide
something more substantive or is the group just looking to hint at unspecified privacy implications?
The text was updated successfully, but these errors were encountered: