Re: [whatwg] Do we really need to introduce a device element for giving access to webcams and mikes?
The device was added by Ian Hickson in response to some of the work in the W3C DAP working group. The original intent was to make sure the user are actively grant permission to a particular device camera or microphone instead of just click okay since some malicious site can just capture and post it on the internet. Here is a reference to the work in W3C DAP: http://dev.w3.org/2009/dap/camera/Overview.html Some threads on the topic: http://lists.w3.org/Archives/Public/public-device-apis/2009Dec/0248.html http://lists.w3.org/Archives/Public/public-device-apis/2009Dec/0194.html Thanks Dzung Tran, -Original Message- From: whatwg-boun...@lists.whatwg.org [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of Julien Cayzac Sent: Monday, May 03, 2010 07:41 PM To: whatwg@lists.whatwg.org Subject: Re: [whatwg] Do we really need to introduce a device element for giving access to webcams and mikes? On Tue, May 4, 2010 at 11:37 AM, Julien Cayzac julien.cay...@gmail.com wrote: I am not sure if I get your point here: are you saying that using the webcam locally in a canvas and somehow transmitting the webcam video over the network are two independent permissions to grant? If so, how would you detect the latter, since by allowing the page to manipulate the video in canvas you would give it permission to use toDataURL() too, so it could still transmit frames to the server or to other party if a ConnectionPeer is involved? To answer my own question: by raising the origin-clean flags of the canvas element the webcam was attached to. Now, I see no reference to any interaction between device and canvas mentionned in http://dev.w3.org/html5/html-device/ Julien. -- Julien Cayzac http://julien.cayzac.name/ skype://jcayzac?chat
[whatwg] Do we really need to introduce a device element for giving access to webcams and mikes?
Hi, I've been reading lately about the new proposed device element, and was wondering if it was needed at all. IMHO, a video originating from an attached camera is not different from a video originating from the network, so video could be used here. Displaying the webcam in a page could be done like this: video autoplay controls source src=webcam:640,480,25 / !-- 640x480, 25fps -- source src=webcam:320,240,* / !-- will be tried if the webcam doesn't support the above settings -- source src=mire.mp4 / !-- no webcam attached? show this video instead -- /video Same could be done with audio for adding microphone support, and in both cases the browser should notify the user the page is requesting permission to access these devices. Now, I am aware HTMLMediaElement doesn't offer any methods to actually query the data it serves or to get notified as more incoming data gets received, which makes my proposal useless. Still, such methods could be used in other scenarios, like a browser-based video editing app, so adding them would make sense in my opinion. Thanks, Julien. -- Julien Cayzac http://julien.cayzac.name/ skype://jcayzac?chat
Re: [whatwg] Do we really need to introduce a device element for giving access to webcams and mikes?
On Tue, 04 May 2010 11:01:14 +0900, Julien Cayzac julien.cay...@gmail.com wrote: I've been reading lately about the new proposed device element, and was wondering if it was needed at all. IMHO, a video originating from an attached camera is not different from a video originating from the network, so video could be used here. Displaying the webcam in a page could be done like this: video autoplay controls source src=webcam:640,480,25 / !-- 640x480, 25fps -- source src=webcam:320,240,* / !-- will be tried if the webcam doesn't support the above settings -- source src=mire.mp4 / !-- no webcam attached? show this video instead -- /video Same could be done with audio for adding microphone support, and in both cases the browser should notify the user the page is requesting permission to access these devices. Now, I am aware HTMLMediaElement doesn't offer any methods to actually query the data it serves or to get notified as more incoming data gets received, which makes my proposal useless. Still, such methods could be used in other scenarios, like a browser-based video editing app, so adding them would make sense in my opinion. What is the model for protecting user privacy here? Large part of the motivation for something like the device element is that the user is actively involved in giving the website the ability to access the user's camera stream and use it. (E.g. manipulate it through canvas or transmit it over the wire using WebSocket.) -- Anne van Kesteren http://annevankesteren.nl/
Re: [whatwg] Do we really need to introduce a device element for giving access to webcams and mikes?
(forgot to do a Reply to all on this one. Sorry, Anne, for the duplicate) On Tue, May 4, 2010 at 11:13 AM, Anne van Kesteren ann...@opera.com wrote: What is the model for protecting user privacy here? It was in my message: in both cases the browser should notify the user the page is requesting permission to access these devices. The same is done today with the geolocation feature, for instance. The user has to give access permission to the page, in a browser-dependent way. Large part of the motivation for something like the device element is that the user is actively involved in giving the website the ability to access the user's camera stream and use it. (E.g. manipulate it through canvas or transmit it over the wire using WebSocket.) I am not sure if I get your point here: are you saying that using the webcam locally in a canvas and somehow transmitting the webcam video over the network are two independent permissions to grant? If so, how would you detect the latter, since by allowing the page to manipulate the video in canvas you would give it permission to use toDataURL() too, so it could still transmit frames to the server or to other party if a ConnectionPeer is involved? Julien. -- Julien Cayzac http://julien.cayzac.name/ skype://jcayzac?chat
Re: [whatwg] Do we really need to introduce a device element for giving access to webcams and mikes?
On Tue, May 4, 2010 at 11:37 AM, Julien Cayzac julien.cay...@gmail.com wrote: I am not sure if I get your point here: are you saying that using the webcam locally in a canvas and somehow transmitting the webcam video over the network are two independent permissions to grant? If so, how would you detect the latter, since by allowing the page to manipulate the video in canvas you would give it permission to use toDataURL() too, so it could still transmit frames to the server or to other party if a ConnectionPeer is involved? To answer my own question: by raising the origin-clean flags of the canvas element the webcam was attached to. Now, I see no reference to any interaction between device and canvas mentionned in http://dev.w3.org/html5/html-device/ Julien. -- Julien Cayzac http://julien.cayzac.name/ skype://jcayzac?chat