On Thu, Dec 19, 2013 at 2:45 PM, Ami Fischman <fisch...@chromium.org> wrote: > On Wed, Dec 18, 2013 at 8:38 PM, Ian Hickson <i...@hixie.ch> wrote: > >> On Tue, 17 Dec 2013, Ami Fischman wrote: >> > Recently <https://www.w3.org/Bugs/Public/show_bug.cgi?id=23263> >> > Navigator acquired the ability to enumerate media output devices (in >> > addition to input devices): >> > >> http://dev.w3.org/2011/webrtc/editor/getusermedia.html#enumerating-devices >> What's the privacy story for this API? >> > > I don't follow public-media-capture but the spec above says: > > The method must only return information that the script is authorized to > access (TODO expand authorized). > > A narrow reading of that "authorized" would be "devices to which the user > has already granted access through getUserMedia" though I don't want to put > words in that group's mouth.
Do you mean to make this per-origin as well? (It will require storing that information per-origin forever, or until some invisible timeout.) That seems about as restrictive as one could make it, but is the API going to actually be useful in this state? Philip