Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling

[Lorenzo Miniero <lorenzo@meetecho.com>]

On Wed, 28 Mar 2018 03:49:59 +0200
Lennart Grahl <lennart.grahl@gmail.com> wrote:

> On 27.03.2018 18:57, Cullen Jennings wrote:
> > This draft results in the situation where implementations decide if
> > they should reveal the users location to the website by asking a
> > questions of the form "Will you allow example.com to use your
> > camera?" If the user says that is OK to use their camera, in many
> > cases they have also allowed the website to get their location via
> > the IP address. From a user point of view, I think this is awful,
> > There are many reasons I might allow a website I do not trust to
> > know my location to access my camera - for example, I have a black
> > cover over my camera and the website won't work unless I say yes to
> > this request. Or a webcam worker where the job involves revealing
> > video but revealing the locations they work at may put them at risk
> > of serious harm. Or I am in a domestic abuse shelter and want to
> > have a call but revealing may location puts me at risk of physical
> > harm. I do not think the IETF should in any way endorse this
> > extremely misleading form of consent. It is simply not consent. I
> > realize t  
>  his would be good for companies that are primary funded by by web
> advertising for which location is valuable.
> 
> I agree with you here and this is most likely the reason why WebRTC is
> on the blacklist of many privacy extensions for browsers.
> 
> However, I believe there could be a form of consent in the browsers -
> tell them what you actually want to do: Expose (all) private IP
> addresses to create a direct connection. Yes, getting users to
> understand what it means to "establish a direct connection" may not be
> trivial - granted. But it's much more sincere AND it would not
> discriminate data channel only use cases (yeah, it's really shady to
> request capture permissions to be able to use mode 1).
> 


And let's not forget we're not just talking of discriminating data
channels, here. As someone else already pointed out, this would affect
recvonly audio/video PeerConnections as well. Requiring access to
a local device to implement those would be a very hacky solution (and
in fact Safari, which currently does something like this, is horrible
in that regard), especially considering that, just as for data channels,
there would be no need to require access to your webcam if you just
wanted to attend a webinar and never say anything yourself. It would
actually have the effect of looking even shadier to end users ("why
exactly do you want to access my webcam? I'm just trying to watch
something here!"), just as it would for datachannel-only PCs, and
further reduce the trust people would have in WebRTC as a technology.

As Lennart said, a different popup that says something like "this page
wants to create <something>" would be a much better solution. Yes,
another UI knob or something like this, but still much better than
abusing the only consent request we currently expose simply because
it's, again, the only we have and we don't want to annoy users too much.

Lorenzo 

 
> And FWIW I'm not sure this form of consent fits into the scope of the
> IETF. Maybe the modes could be defined in this document and which mode
> to choose under which circumstances could be moved into the W3C
> WebRTC spec.
> 
> Cheers
> Lennart
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb



-- 
I'm getting older but, unlike whisky, I'm not getting any better
https://twitter.com/elminiero