<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 22, 2015 at 5:44 PM, <span dir="ltr"><<a href="mailto:steven.mcardle@doctor2go.co.nz" target="_blank">steven.mcardle@doctor2go.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Actually I am suggesting that Hello is EXACTLY the same as any GUM based site and as such should work the same. User gives permission before access is granted to the devices.<br>
<br>
FF is a browser and should behave like one. I cannot use this particular Hello functionality with my WebRTC Telehealth offering, and Hello should not be able to do the same. Users have been educated for years regarding the browser sandboxing approach regarding access to the actual machine. FF is a browser, not an OS, so if I want FF as my OS I will install FF OS.<br>
<br>
<br>
Any analogy with Skype in this thread is mute... Skype is a standalone app and is not governed by what we expect from our browser sandboxing. Hello runs in a browser and I expect it to behave like it does, leaving me, the user, the option as to wether or not I allow Audio and or Video while my browser is open.<br>
<br>
This feature will not change users perceptions or advance the cause of WebRTC in the browser, because EVERY OTHER WebRTC page requires at least initial permission to be granted if run over SSL.<br>
<br>
I may well have overstated the security risks according to some., but the reality is that FF has moved the goal posts and can now access my devices directly. </blockquote><div><br></div><div>I don't understand this argument. Firefox could always access your devices correctly.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">That button to start a conversation is just that, a button. It can be scripted to be pressed and start up with no intervention from the user, GUM permissions cannot do this. So it's not the same.<br></blockquote><div><br></div><div>How do you believe this can happen without compromising Firefox? And if you can do that,</div><div>you can simply bypass any Firefox permissions checks.</div><div><br></div><div>The rationale for the permissions prompts is that the browser is in a separate security</div><div>context from the web pages and so it can meaningfully enforce checks on it. This</div><div>isn't really true for Hello.</div><div><br></div><div>-Ekr</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Basically, FF has implemented a feature that can bypass user permissions to activate devices and this can be misused going down the line. There is absolutely NO reason why Hello could not just request access, at least the first time, and give the use back some sense of security and of being in control.<br>
<br>
<br>
Just because desktop app can automatically access anything on my system does NOT mean that a browser should ever be allowed to do so, unless I give it permission.<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
<br>
<br>
On 2015-03-21 06:37, Gavin Sharp wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The analogy is just a tool to get at the core of the misunderstanding.<br>
With Firefox Hello (and more broadly with WebRTC), we are making<br>
voice+video communication first-class parts of the web and the web<br>
browsing experience. And so user expectations will follow.<br>
<br>
Maire filed <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1145053" target="_blank">https://bugzilla.mozilla.org/<u></u>show_bug.cgi?id=1145053</a><br>
precisely because, as you say, the expectations might be different<br>
today. But that bug is very specifically scoped: in the scenarios<br>
where it is possible for Firefox to start using your camera and<br>
microphone, it should be clear to the user that it will happening, and<br>
why that is happening. I don't think we're that far from it today: to<br>
get to the situation where Firefox uses your camera, you need to have<br>
gone through this experience:<br>
<br>
<a href="https://cloudup.com/c_CLMiIaykf" target="_blank">https://cloudup.com/c_<u></u>CLMiIaykf</a><br>
<br>
I would say that user expectations are being pretty clearly set that<br>
this is a video communication tool.<br>
<br>
What Steven seems to be suggesting is that the only solution for that<br>
problem requires that the user interface for using Hello match the GUM<br>
permission prompt experience exactly, and there I disagree. The GUM<br>
permission prompt is designed for a very different usage scenario with<br>
very different security constraints (arbitrary web sites requesting<br>
access to your camera). And it has its own usability issues (which we<br>
would like to fix, see e.g.<br>
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1119841" target="_blank">https://bugzilla.mozilla.org/<u></u>show_bug.cgi?id=1119841</a>).<br>
<br>
Gavin<br>
<br>
On Fri, Mar 20, 2015 at 9:17 AM, bobbuun <<a href="mailto:bobbuun@hotmail.com" target="_blank">bobbuun@hotmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Asking about Skype is a false analogy.<br>
<br>
Skype is a bottom to top an IM & video conferencing package. There's an<br>
expectation for it to access microphone or camera. (And, it does indeed<br>
place the power in the hands of the user to click to start transmitting<br>
video.) Many users also only start Skype when they want to use it and close<br>
it at other times, which is implicitly "giving permission". It's also a<br>
single product without a robust add-in infrastructure like Firefox.<br>
<br>
Firefox is a web browser. There's absolutely no expectation for it to have<br>
access to your microphone or camera, and certainly never should interact<br>
with them without the user confirming it as such. Most users leave their web<br>
browser open all the time. Firefox is also an ecosystem of its own, with<br>
add-ins, functionality on different web pages.<br>
<br>
(As a side note, I notice Hello no longer allows text-chat-only<br>
communications; it now refuses to do anything if it doesn't get camera and<br>
mic. It's also now opening up as a little widget instead of as a web page<br>
tab as it previously did.)<br>
<br>
-Daryl<br>
<br>
<br>
<br>
On 03/20/2015 11:44 AM, Gavin Sharp wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Hi Steven,<br>
<br>
I've been following the bugs you've been commenting on - it's clear<br>
you have some strong feelings about this.<br>
<br>
Rather than discuss point-by-point, let me try a clarifying<br>
comparison: do you think that Skype should show GUM-style permission<br>
prompts when it first accesses your camera/microphone?<br>
<br>
If yes, then I suspect we may have irreconcilable product design<br>
differences - we are probably unlikely to get to agreement through<br>
discussion here about the security/usability tradeoffs involved, and<br>
should probably just agree to disagree.<br>
<br>
If no, then I'm curious why you think that case is different than this<br>
one.<br>
<br>
Gavin<br>
</blockquote>
<br>
______________________________<u></u>_________________<br>
firefox-dev mailing list<br>
<a href="mailto:firefox-dev@mozilla.org" target="_blank">firefox-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/firefox-dev" target="_blank">https://mail.mozilla.org/<u></u>listinfo/firefox-dev</a><br>
</blockquote>
______________________________<u></u>_________________<br>
firefox-dev mailing list<br>
<a href="mailto:firefox-dev@mozilla.org" target="_blank">firefox-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/firefox-dev" target="_blank">https://mail.mozilla.org/<u></u>listinfo/firefox-dev</a><br>
</blockquote>
______________________________<u></u>_________________<br>
firefox-dev mailing list<br>
<a href="mailto:firefox-dev@mozilla.org" target="_blank">firefox-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/firefox-dev" target="_blank">https://mail.mozilla.org/<u></u>listinfo/firefox-dev</a><br>
</div></div></blockquote></div><br></div></div>