There are some great ideas here. I think we should create a feature
page for at least #1&2 and add it to the Security Roadmap. I also think
we can do #5.
To go into detail...
On 4/11/12 12:54 AM, Jesse Ruderman wrote:
1) If a site sends an STS header, and the user has any data (cookies,
pas
Please reply-to dev-weba...@lists.mozilla.org
Name of API: Resource Lock API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
Brief purpose of API: Prevent the screen from being dimmed or switched off
General Use Cases: Request a lock to stop the screen from being dimmed, even if
t
Please reply-to dev-weba...@lists.mozilla.org
Name of API: Settings API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678695
Brief purpose of API: API to configure device settings
General Use Cases: None
Inherent threats:
*Access sensitive configuration data (wifi passwords etc)
*Chan
Please reply-to dev-weba...@lists.mozilla.org
Name of API: Browser API
Reference: https://wiki.mozilla.org/WebAPI/EmbeddedBrowserAPI
Brief purpose of API: Provide an iframe that acts as a web browser
General Use Cases: None
Inherent threats:
* browser can see all data from all websites, and per
Please reply-to dev-weba...@lists.mozilla.org
Name of API: Idle API
Reference: https://wiki.mozilla.org/WebAPI/IdleAPI
Brief purpose of API: Notify an app if the user is idle
General Use Cases: Notify a web page if a user is idle (e.g. to change a status
in an instant messaging program)
Inhere
Please reply-to dev-weba...@lists.mozilla.org
Name of API: Web SMS API
References: https://bugzilla.mozilla.org/show_bug.cgi?id=674725
Brief purpose of API: Send and receive SMS messages
General Use Cases: None
Inherent threats:
* Sending an SMS costs user money, premium SMS services, SMS payme
Please reply-to dev-weba...@lists.mozilla.org
Name of API: Open Web App API
Reference: https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API
Brief purpose of API: The Open Web Apps JavaScript API is a programmatic
interface for installing Web apps and for managing a client-side collect
Last call for comments! So far the only feedback I have received is that it
would be good to have a UI mechanism for determining which app is triggering the
vibration, which sounds like a reasonable idea to me. Thanks!
Lucas.
On Apr 11, 2012, at 10:36 PM, Lucas Adamski wrote:
> Name of API: V
> NO. it *has* to be "the Operating System embeds the 'magic' photo or
> videorecord icons". you CANNOT do "security by cooperation in
> userspace". this isn't firefox: it's a completely different ballgame.
This is the same as text input within the browser on Android - there is a
DOM element t
On Sun, Apr 15, 2012 at 5:30 PM, lkcl luke wrote:
> On Sun, Apr 15, 2012 at 9:32 PM, Adrienne Porter Felt
> wrote:
> > Would the following suggestion solve the problem?
> >
> > * Applications may embed the "magic" photo or videorecord icons.
>
> NO. it *has* to be "the Operating System embeds
The countdown annoyance could also be mitigated by adding an "always allow"
option to the user countdown indicator or recording notification UI. That
way a user can grant her favorite alternative Camera application persisted
access to immediate stream access. Those two concepts combined solve the
The trick with a notification is that you want the user to be able to say
"ack! not wearing pants! stop!" before the app actually gets any data.
There are some ramifications of this:
* You probably want a software notification so that the user can click on
the notification and halt the recording.
Why wouldn't a hardware camera light and/or persisted "recording" indicator
(bar, light or otherwise) be sufficient for both cases? The general idea
being that the user is now forced into being aware of the recording process
and can always terminate it in the same way.
Also, I think the idea of a fo
Would the following suggestion solve the problem?
* Applications may embed the "magic" photo or videorecord icons. As soon
as the user presses the button, the app receives the data. A notification
is present as long as the app is recording. The API provides an optional
preview window, but the a