SlideShare una empresa de Scribd logo

WebRTC: User Security & Privacy

Anant Narayanan
Anant Narayanan

A review of the security and privacy concerns for WebRTC implementors.

TecnologíaNoticias y política
1 de 10
Descargar para leer sin conexión
WebRTC: User Security & Privacy W3C TPAC Anant Narayanan, Mozilla October 31, 2011 Tuesday, November 1, 11
Overview ✤ Placement in standard ✤ Behavior on getUserMedia() ✤ Immediate & long-term permissions ✤ Permissions & user model ✤ User privacy indicators ✤ Summary Tuesday, November 1, 11
Placement in Standard ✤ We currently do not specify what happens when getUserMedia is called with regards to asking user permission ✤ Such a specification may not fit in the standard as user agents vary wildly ✤ We can, however, come up with a set of “recommended guidelines” for major browser vendors to adopt (a specific type of a user agent) ✤ Open question: Is the W3C spec the right place to put this? Tuesday, November 1, 11
User Permission ✤ getUserMedia() is asynchronous to allow the UA to ask the user permission, and choose exactly what media gets shared: ✤ ✤ Audio from microphone(s) ✤ ✤ Video from webcam(s) Transmit A/V from local media files Give user complete control over what is transmitted, irrespective of what the web application asked for Tuesday, November 1, 11
Early Mockup Tuesday, November 1, 11
Details... ✤ Firefox “Doorhanger”, distinguishes a browser request from regular web content and is a trusted space ✤ ✤ If application asked for both audio and video, default to both but allow user override (not depicted) ✤ ✤ Somewhat harder to spoof than an infobar (not really, just 2px!) Front/Back camera preferences better handled as “hints”? A list of granted permissions is always available and revocable from a “preferences” pane Tuesday, November 1, 11
Immediate & long-term ✤ What is the time period for which the user grants access? ✤ Default is immediate (one-time only), user may explicitly choose “Always allow example.org to access A/V” ✤ Should the web-application be able to specify what type of access it needs? ✤ How are these permissions persisted? Tuesday, November 1, 11
Permissions & Sessions ✤ Initial proposal was to tie a permission grant to a time-frame and domain name ✤ Feedback from web developers: ✤ Permissions should actually be tied to a user session, not just domain. Until everyone uses BrowserID, this means cookie jar? ✤ More realistically, we could allow the application itself to “revoke” a granted permission if it detects a change in user session? Tuesday, November 1, 11
After permission is granted... Tuesday, November 1, 11
Summary ✤ Mostly a set of UI and interaction guidelines, may not be applicable to all user agents (or to varying degrees) ✤ Where do we write this stuff down? ✤ Other open questions: ✤ What happens if devices are already in use by another application? ✤ What is the interaction for an incoming call? Tuesday, November 1, 11

Recomendados

Android M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for MarshmallowAndroid M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for MarshmallowUmair Vatao
 
e-government services for the blind
e-government services for the blinde-government services for the blind
e-government services for the blindDavid Sugar
 
XML And Web Services Security Standards
XML And Web Services Security StandardsXML And Web Services Security Standards
XML And Web Services Security Standardsguest68465b
 
CSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web TutorialCSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web TutorialLeeFeigenbaum
 
Web Standards
Web StandardsWeb Standards
Web StandardsChrisF1502010
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Srs template ieee-movie recommender
Srs template ieee-movie recommenderSrs template ieee-movie recommender
Srs template ieee-movie recommender429SAYAKTRIPATHY
 
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...IEEEGLOBALSOFTSTUDENTPROJECTS
 

Recomendados

Android M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for MarshmallowAndroid M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for MarshmallowUmair Vatao
 
e-government services for the blind
e-government services for the blinde-government services for the blind
e-government services for the blindDavid Sugar
 
XML And Web Services Security Standards
XML And Web Services Security StandardsXML And Web Services Security Standards
XML And Web Services Security Standardsguest68465b
 
CSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web TutorialCSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web TutorialLeeFeigenbaum
 
Web Standards
Web StandardsWeb Standards
Web StandardsChrisF1502010
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Srs template ieee-movie recommender
Srs template ieee-movie recommenderSrs template ieee-movie recommender
Srs template ieee-movie recommender429SAYAKTRIPATHY
 
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...IEEEGLOBALSOFTSTUDENTPROJECTS
 
DZone-RUM
DZone-RUMDZone-RUM
DZone-RUMDan Boutin
 
538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rumDan Boutin
 
538210 rc220-rum
538210 rc220-rum538210 rc220-rum
538210 rc220-rumLiouane Youssef
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordAlex Marsh
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applicationsSupreme O
 
10th heuristic evaluation
10th heuristic evaluation10th heuristic evaluation
10th heuristic evaluationTenia Wahyuningrum
 
Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Roger Hudson
 
Browser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBrowser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBala Murali Krishna Kanchukambala
 
Troubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationTroubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationUniface
 
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldAccessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldNina McHale
 
Continuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCContinuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCMike Brittain
 
Web Browser Privacy and Security
Web Browser Privacy and SecurityWeb Browser Privacy and Security
Web Browser Privacy and SecurityDaVidSilenceKawlni
 
070308-simmons.ppt
070308-simmons.ppt070308-simmons.ppt
070308-simmons.pptssuserec53e73
 
OAuth Base Camp
OAuth Base CampOAuth Base Camp
OAuth Base CampOliver Pfaff
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSarah Elson
 
MediaMosa and webservices
MediaMosa and webservicesMediaMosa and webservices
MediaMosa and webservicesherman van dompseler
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.docVideoguy
 
Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Oleksii Prohonnyi
 
Android Trainning Session 2
Android Trainning Session 2Android Trainning Session 2
Android Trainning Session 2Shanmugapriya D
 
Sphereshield for Webex - Presentation
Sphereshield for Webex - PresentationSphereshield for Webex - Presentation
Sphereshield for Webex - PresentationAGATSoftware
 
Enterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsEnterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsAnant Narayanan
 
Building an Intelligent Assistant
Building an Intelligent AssistantBuilding an Intelligent Assistant
Building an Intelligent AssistantAnant Narayanan
 

Más contenido relacionado

Similar a WebRTC: User Security & Privacy

538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rumDan Boutin
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordAlex Marsh
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applicationsSupreme O
 
Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Roger Hudson
 
Troubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationTroubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationUniface
 
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldAccessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldNina McHale
 
Continuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCContinuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCMike Brittain
 
Web Browser Privacy and Security
Web Browser Privacy and SecurityWeb Browser Privacy and Security
Web Browser Privacy and SecurityDaVidSilenceKawlni
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSarah Elson
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.docVideoguy
 
Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Oleksii Prohonnyi
 
Android Trainning Session 2
Android Trainning Session 2Android Trainning Session 2
Android Trainning Session 2Shanmugapriya D
 
Sphereshield for Webex - Presentation
Sphereshield for Webex - PresentationSphereshield for Webex - Presentation
Sphereshield for Webex - PresentationAGATSoftware
 

Similar a WebRTC: User Security & Privacy (20)

DZone-RUM
DZone-RUMDZone-RUM
DZone-RUM
 
538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rum
 
538210 rc220-rum
538210 rc220-rum538210 rc220-rum
538210 rc220-rum
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome Sword
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
 
10th heuristic evaluation
10th heuristic evaluation10th heuristic evaluation
10th heuristic evaluation
 
Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0
 
Browser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBrowser Based Performance Testing and Tuning
Browser Based Performance Testing and Tuning
 
Troubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationTroubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx Presentation
 
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldAccessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
 
Continuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCContinuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYC
 
Web Browser Privacy and Security
Web Browser Privacy and SecurityWeb Browser Privacy and Security
Web Browser Privacy and Security
 
070308-simmons.ppt
070308-simmons.ppt070308-simmons.ppt
070308-simmons.ppt
 
OAuth Base Camp
OAuth Base CampOAuth Base Camp
OAuth Base Camp
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal Effort
 
MediaMosa and webservices
MediaMosa and webservicesMediaMosa and webservices
MediaMosa and webservices
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.doc
 
Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)
 
Android Trainning Session 2
Android Trainning Session 2Android Trainning Session 2
Android Trainning Session 2
 
Sphereshield for Webex - Presentation
Sphereshield for Webex - PresentationSphereshield for Webex - Presentation
Sphereshield for Webex - Presentation
 

Más de Anant Narayanan

Enterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsEnterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsAnant Narayanan
 
Building an Intelligent Assistant
Building an Intelligent AssistantBuilding an Intelligent Assistant
Building an Intelligent AssistantAnant Narayanan
 
WebRTC: A Practical Introduction
WebRTC: A Practical IntroductionWebRTC: A Practical Introduction
WebRTC: A Practical IntroductionAnant Narayanan
 
Message Passing vs. Data Synchronization
Message Passing vs. Data SynchronizationMessage Passing vs. Data Synchronization
Message Passing vs. Data SynchronizationAnant Narayanan
 
Firebase: Tales from the Trenches
Firebase: Tales from the TrenchesFirebase: Tales from the Trenches
Firebase: Tales from the TrenchesAnant Narayanan
 
Error Handling in WebRTC
Error Handling in WebRTCError Handling in WebRTC
Error Handling in WebRTCAnant Narayanan
 
Firefox Architecture Overview
Firefox Architecture OverviewFirefox Architecture Overview
Firefox Architecture OverviewAnant Narayanan
 
Next Generation Browser Add-Ons
Next Generation Browser Add-OnsNext Generation Browser Add-Ons
Next Generation Browser Add-OnsAnant Narayanan
 
An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed DebuggingAnant Narayanan
 
A Brief Incursion into Botnet Detection
A Brief Incursion into Botnet DetectionA Brief Incursion into Botnet Detection
A Brief Incursion into Botnet DetectionAnant Narayanan
 
Mozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the BrowserMozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the BrowserAnant Narayanan
 
Distributed File Systems: An Overview
Distributed File Systems: An OverviewDistributed File Systems: An Overview
Distributed File Systems: An OverviewAnant Narayanan
 
Innovating with Mozilla Labs
Innovating with Mozilla LabsInnovating with Mozilla Labs
Innovating with Mozilla LabsAnant Narayanan
 
Glendix: The Why and the How
Glendix: The Why and the HowGlendix: The Why and the How
Glendix: The Why and the HowAnant Narayanan
 

Más de Anant Narayanan (20)

Enterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsEnterprise Scale Knowledge Graphs
Enterprise Scale Knowledge Graphs
 
Building an Intelligent Assistant
Building an Intelligent AssistantBuilding an Intelligent Assistant
Building an Intelligent Assistant
 
WebRTC: A Practical Introduction
WebRTC: A Practical IntroductionWebRTC: A Practical Introduction
WebRTC: A Practical Introduction
 
Message Passing vs. Data Synchronization
Message Passing vs. Data SynchronizationMessage Passing vs. Data Synchronization
Message Passing vs. Data Synchronization
 
Firebase: Tales from the Trenches
Firebase: Tales from the TrenchesFirebase: Tales from the Trenches
Firebase: Tales from the Trenches
 
WebRTC: An Overview
WebRTC: An OverviewWebRTC: An Overview
WebRTC: An Overview
 
Error Handling in WebRTC
Error Handling in WebRTCError Handling in WebRTC
Error Handling in WebRTC
 
WebRTC Demystified
WebRTC DemystifiedWebRTC Demystified
WebRTC Demystified
 
Firefox Architecture Overview
Firefox Architecture OverviewFirefox Architecture Overview
Firefox Architecture Overview
 
πP
πPπP
πP
 
Next Generation Browser Add-Ons
Next Generation Browser Add-OnsNext Generation Browser Add-Ons
Next Generation Browser Add-Ons
 
An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed Debugging
 
A Brief Incursion into Botnet Detection
A Brief Incursion into Botnet DetectionA Brief Incursion into Botnet Detection
A Brief Incursion into Botnet Detection
 
Mozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the BrowserMozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the Browser
 
about:labs
about:labsabout:labs
about:labs
 
Distributed File Systems: An Overview
Distributed File Systems: An OverviewDistributed File Systems: An Overview
Distributed File Systems: An Overview
 
Innovating with Mozilla Labs
Innovating with Mozilla LabsInnovating with Mozilla Labs
Innovating with Mozilla Labs
 
Glendix: The Why and the How
Glendix: The Why and the HowGlendix: The Why and the How
Glendix: The Why and the How
 
Mozilla Prism
Mozilla PrismMozilla Prism
Mozilla Prism
 
Making Gentoo Tick
Making Gentoo TickMaking Gentoo Tick
Making Gentoo Tick
 

Último

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 

Último (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 

WebRTC: User Security & Privacy

  • 1. WebRTC: User Security & Privacy W3C TPAC Anant Narayanan, Mozilla October 31, 2011 Tuesday, November 1, 11
  • 2. Overview ✤ Placement in standard ✤ Behavior on getUserMedia() ✤ Immediate & long-term permissions ✤ Permissions & user model ✤ User privacy indicators ✤ Summary Tuesday, November 1, 11
  • 3. Placement in Standard ✤ We currently do not specify what happens when getUserMedia is called with regards to asking user permission ✤ Such a specification may not fit in the standard as user agents vary wildly ✤ We can, however, come up with a set of “recommended guidelines” for major browser vendors to adopt (a specific type of a user agent) ✤ Open question: Is the W3C spec the right place to put this? Tuesday, November 1, 11
  • 4. User Permission ✤ getUserMedia() is asynchronous to allow the UA to ask the user permission, and choose exactly what media gets shared: ✤ ✤ Audio from microphone(s) ✤ ✤ Video from webcam(s) Transmit A/V from local media files Give user complete control over what is transmitted, irrespective of what the web application asked for Tuesday, November 1, 11
  • 6. Details... ✤ Firefox “Doorhanger”, distinguishes a browser request from regular web content and is a trusted space ✤ ✤ If application asked for both audio and video, default to both but allow user override (not depicted) ✤ ✤ Somewhat harder to spoof than an infobar (not really, just 2px!) Front/Back camera preferences better handled as “hints”? A list of granted permissions is always available and revocable from a “preferences” pane Tuesday, November 1, 11
  • 7. Immediate & long-term ✤ What is the time period for which the user grants access? ✤ Default is immediate (one-time only), user may explicitly choose “Always allow example.org to access A/V” ✤ Should the web-application be able to specify what type of access it needs? ✤ How are these permissions persisted? Tuesday, November 1, 11
  • 8. Permissions & Sessions ✤ Initial proposal was to tie a permission grant to a time-frame and domain name ✤ Feedback from web developers: ✤ Permissions should actually be tied to a user session, not just domain. Until everyone uses BrowserID, this means cookie jar? ✤ More realistically, we could allow the application itself to “revoke” a granted permission if it detects a change in user session? Tuesday, November 1, 11
  • 9. After permission is granted... Tuesday, November 1, 11
  • 10. Summary ✤ Mostly a set of UI and interaction guidelines, may not be applicable to all user agents (or to varying degrees) ✤ Where do we write this stuff down? ✤ Other open questions: ✤ What happens if devices are already in use by another application? ✤ What is the interaction for an incoming call? Tuesday, November 1, 11