> Is there any place in the UI to improve this via messaging? For example, > https://site.com/ => "Would you like to share your camera with site.com?", > but http://site.com/ => "Would you like to permanently share your camera > with any site claiming to be site.com? *Note: Firefox cannot verify this > claim for an http:// URL."
To a first approximation, "no". It's incredibly difficult to explain this threat model to users, and even if we could do that perfectly, the cognitive burden on them of understanding it and then making decisions based on that understanding is significant, and not something we want to put on them. "Only allow the safe thing" is the only really scalable solution, despite it causing some short-term compatibility pain. Gavin On Tue, Mar 10, 2015 at 8:48 AM, Steve Fink <sf...@mozilla.com> wrote: > Is there any place in the UI to improve this via messaging? For example, > https://site.com/ => "Would you like to share your camera with site.com?", > but http://site.com/ => "Would you like to permanently share your camera > with any site claiming to be site.com? *Note: Firefox cannot verify this > claim for an http:// URL." > > Or something. I'm diverging a little from the question of persistence, > though partly because I was surprised that the permissions dialog in Nightly > doesn't distinguish between a session vs permanent persistence. Shouldn't > there be "For this session only" and "Always" options? (This isn't purely > academic for me. A relative of mine got completely freaked out by a scam > demanding IRS back taxes or something, and she specifically believed it > because the demand page included a snapshot of her taken with her laptop > camera. Her camera is now taped over. Getting this stuff right matters.) > > I also notice that when I grant a site permission to access my camera, it > doesn't show up in Page Info :: Permissions. Geolocation is there. And I see > a camera icon in the address bar. > > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
