On Fri, Sep 26, 2014 at 10:58 PM, Anne van Kesteren <[email protected]> wrote:

> Exposing geolocation on unauthenticated origins was a mistake. Copying
> that for getUserMedia() is too. I suggest that to protect our users we
> make some noise about deprecating this practice. And that in that
> message we convey we plan to disable both on unauthenticated origins
> once 2015 is over.

I should have followed up on the other thread by now, but following up here, since this is kind of a continuation of the other thread: I think EKR's point that a one-time (non-persistent) grant when you know what's in front of the camera isn't really much different from using a form to upload a file over http is persuasive. And like Richard said in his reply, a one-time, non-persistent geolocation grant isn't that different from typing an address into a form and submitting it over http.

For immediate user security, do we really need to block the use of these APIs on http if every API call prompts? By "immediate" I mean "ignoring the long term effects on the rate of https usage". I want the rate of https usage to increase, but it's not clear that breaking existing http: sites' use of geolocation that aren't actually more dangerous than typing an address into an unauthenticated form is a good way to get there. (I think making HTTP/2 https:-only would be a much better way.)

> More immediately we should make it impossible to make persistent
> grants for these features on unauthenticated origins.

This I agree with when it comes to privacy-sensitive APIs: Granting a persistent permission to an http: origin amounts to granting a persistent permission to everyone who in the future has a chance of performing an active MITM attack on you.

Moreover, as long as the storage for the permissions doesn't store the full origin, we should make sure that when the APIs are used on http: origins, the code first realizes the call is on an unauthenticated origin before the code tries to look at the permission storage.

-- 
Henri Sivonen
[email protected]
https://hsivonen.fi/

_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform
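The rule in the last paragraph above (check the scheme before consulting a permission store that is keyed by host rather than full origin, and never persist a grant for an http: origin), as an added JavaScript example that is not code from this thread or from any browser; the class, the host-keyed in-memory store and all names are assumptions for illustration:

```javascript
// Toy permission manager (added example, not from the thread or any browser).
// The persistent store is keyed by host only, with no scheme, which is the
// hazard Henri raises: a grant persisted for https://example.com would be
// found by a lookup from http://example.com unless the scheme is checked
// before the store is consulted. All names below are assumptions.

const SECURE_SCHEMES = new Set(["https:", "wss:"]);

function isAuthenticatedOrigin(origin) {
  // Only scheme is considered here; localhost and file: are not special-cased.
  return SECURE_SCHEMES.has(new URL(origin).protocol);
}

class PermissionManager {
  constructor() {
    // host -> { feature -> "granted" | "denied" }
    this.store = new Map();
  }

  // Returns "granted", "denied" or "prompt".
  query(origin, feature) {
    // Decide on the scheme BEFORE touching the store: an http: caller must
    // never inherit a grant persisted for the https: origin on the same host.
    if (!isAuthenticatedOrigin(origin)) return "prompt";
    const host = new URL(origin).host;
    const perFeature = this.store.get(host);
    return (perFeature && perFeature[feature]) || "prompt";
  }

  // Records the user's answer. `persist` is only honoured on authenticated
  // origins; on http: the grant is one-time and nothing is written.
  grant(origin, feature, decision, persist) {
    if (!isAuthenticatedOrigin(origin)) {
      return { decision, persisted: false };
    }
    if (persist) {
      const host = new URL(origin).host;
      const perFeature = this.store.get(host) || {};
      perFeature[feature] = decision;
      this.store.set(host, perFeature);
    }
    return { decision, persisted: Boolean(persist) };
  }
}
```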

