On Wed, Apr 26, 2017 at 10:26 PM, Eric Rescorla <[email protected]> wrote: >> Surely we can avoid this problem without being so >> drastic? > > > Perhaps, but actually designing such security measures is expensive, so > absent some argument that this is in wide use, probably doesn't > pass a cost/benefit test.
Yeah, after looking at the papers here, this doesn't look salvagable. Other ways of accessing cross-origin data are all gated behind permissions. Given that this is in effect a camera with low resolution and framerate, and also a screen capture device, that's the bar the API has to meet. Combined with low usage rates, (lower than battery status?), this seems pretty clear-cut to me. _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
