Re: [whatwg] Media sink device selection on audio/video
Hi, The consensus opinion at WebRTC and MediaCapture seemed to be that the ability to let an app say which of these 5 microphones do you want? is more amenable to creating good apps than leaving this UI to the browser chrome. Seems to me that the privacy aspects (the fingerprinting vulnerabilities from exposing this data), and the abuse aspects (giving hostile sites the ability to access all the user's devices if any are made available) would trump this. Surely we can rely on user agents to provide nice UIs. I agree with Ian. For instance, on iOS we provide features that allow Web developers to take AirPlay into account when building custom video controls, but we do not expose the list of AirPlay targets to Web content. Ted
Re: [whatwg] Media sink device selection on audio/video
On Fri, Apr 11, 2014 at 6:23 PM, Edward O'Connor eocon...@apple.com wrote: The consensus opinion at WebRTC and MediaCapture seemed to be that the ability to let an app say which of these 5 microphones do you want? is more amenable to creating good apps than leaving this UI to the browser chrome. Seems to me that the privacy aspects (the fingerprinting vulnerabilities from exposing this data), and the abuse aspects (giving hostile sites the ability to access all the user's devices if any are made available) would trump this. Surely we can rely on user agents to provide nice UIs. The fingerprinting could be pretty specific, too. For example, my apple TV advertises itself with a custom AirPlay name. I agree with Ian. For instance, on iOS we provide features that allow Web developers to take AirPlay into account when building custom video controls, but we do not expose the list of AirPlay targets to Web content. Some other issues: - The browser will give a consistent UI. I don't get a different Save As dialog for each site, and I shouldn't get a different which mic do you want to use? dialog for each site either. - The browser will give a UI. My guess is that the vast majority of web apps wouldn't provide a selection UI *at all* for mics or speakers, and just use the default. - Web apps shouldn't need to implement basic UI for things like this, just like they shouldn't have to implement their own Save As dialogs. That's the platform's job. -- Glenn Maynard
Re: [whatwg] Media sink device selection on audio/video
On 04/02/2014 07:52 PM, Ian Hickson wrote: On Mon, 3 Mar 2014, Ami Fischman wrote: Looks like we're back in business: Latest editor's draft: http://dev.w3.org/2011/webrtc/editor/getusermedia.html Thanks. As a user, this scares me a lot. Why isn't it up to me to control this? I don't understand the security model here at all. I don't want random Web pages to know that they can pipe audio to the remote speakers in my bedroom from my laptop, but if we just expose all the audio output devices, that's exactly what will be possible. Without a much clearer security model, I don't think it's a good idea to add any APIs. Would it make sense to group the access to sinks in with access to sources - that is, this page wants access to your cameras, microphones and audio output devices? (either on a per-device basis or as an all-or-nothing prompting)
Re: [whatwg] Media sink device selection on audio/video
Thanks Ian. I pinged public-media-capture about this and https://www.w3.org/Bugs/Public/show_bug.cgi?id=25245 is now tracking making that spec better specified. On Wed, Apr 2, 2014 at 10:52 AM, Ian Hickson i...@hixie.ch wrote: On Mon, 3 Mar 2014, Ami Fischman wrote: Looks like we're back in business: Latest editor's draft: http://dev.w3.org/2011/webrtc/editor/getusermedia.html Thanks. As a user, this scares me a lot. Why isn't it up to me to control this? I don't understand the security model here at all. I don't want random Web pages to know that they can pipe audio to the remote speakers in my bedroom from my laptop, but if we just expose all the audio output devices, that's exactly what will be possible. Without a much clearer security model, I don't think it's a good idea to add any APIs. -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] Media sink device selection on audio/video
On Mon, 7 Apr 2014, Harald Alvestrand wrote: On 04/02/2014 07:52 PM, Ian Hickson wrote: On Mon, 3 Mar 2014, Ami Fischman wrote: Looks like we're back in business: Latest editor's draft: http://dev.w3.org/2011/webrtc/editor/getusermedia.html As a user, this scares me a lot. Why isn't it up to me to control this? I don't understand the security model here at all. I don't want random Web pages to know that they can pipe audio to the remote speakers in my bedroom from my laptop, but if we just expose all the audio output devices, that's exactly what will be possible. Without a much clearer security model, I don't think it's a good idea to add any APIs. Would it make sense to group the access to sinks in with access to sources - that is, this page wants access to your cameras, microphones and audio output devices? (either on a per-device basis or as an all-or-nothing prompting) Wouldn't that be an implementation detail? When I was first desigining the API for WebRTC (years ago, before it got rather unceremoniously forked by the W3C), the security design I had come up with was basically that the UA would show a panel of devices, and the user would drag-and-drop them into the page to give the page access to them. (Or equivalent UI, e.g. tapping on the relevant device icons to activate them for the page.) This would let me, as a user, specify that on my laptop YouTube can play video on my TV (assuming we extend this stuff to support video over Miracast/AirPlay/WiDi/DIAL/Chromecast/DLNA) while not allowing it to send audio to my bedroom, while simultaneously having Amazon's Cloud Player sending its music to my bedroom, but not allowing it to use my microphone. -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] Media sink device selection on audio/video
On 04/07/2014 06:20 PM, Ian Hickson wrote: On Mon, 7 Apr 2014, Harald Alvestrand wrote: On 04/02/2014 07:52 PM, Ian Hickson wrote: On Mon, 3 Mar 2014, Ami Fischman wrote: Looks like we're back in business: Latest editor's draft: http://dev.w3.org/2011/webrtc/editor/getusermedia.html As a user, this scares me a lot. Why isn't it up to me to control this? I don't understand the security model here at all. I don't want random Web pages to know that they can pipe audio to the remote speakers in my bedroom from my laptop, but if we just expose all the audio output devices, that's exactly what will be possible. Without a much clearer security model, I don't think it's a good idea to add any APIs. Would it make sense to group the access to sinks in with access to sources - that is, this page wants access to your cameras, microphones and audio output devices? (either on a per-device basis or as an all-or-nothing prompting) Wouldn't that be an implementation detail? The details are an implementation detail. Whether sinks should be treated at the same level as sources, higher level or lower level of protection is probably a somewhat higher level issue. When I was first desigining the API for WebRTC (years ago, before it got rather unceremoniously forked by the W3C), the security design I had come up with was basically that the UA would show a panel of devices, and the user would drag-and-drop them into the page to give the page access to them. (Or equivalent UI, e.g. tapping on the relevant device icons to activate them for the page.) This was considered, but rejected. The consensus opinion at WebRTC and MediaCapture seemed to be that the ability to let an app say which of these 5 microphones do you want? is more amenable to creating good apps than leaving this UI to the browser chrome. This would let me, as a user, specify that on my laptop YouTube can play video on my TV (assuming we extend this stuff to support video over Miracast/AirPlay/WiDi/DIAL/Chromecast/DLNA) while not allowing it to send audio to my bedroom, while simultaneously having Amazon's Cloud Player sending its music to my bedroom, but not allowing it to use my microphone.
Re: [whatwg] Media sink device selection on audio/video
On Mon, 7 Apr 2014, Harald Alvestrand wrote: The consensus opinion at WebRTC and MediaCapture seemed to be that the ability to let an app say which of these 5 microphones do you want? is more amenable to creating good apps than leaving this UI to the browser chrome. Seems to me that the privacy aspects (the fingerprinting vulnerabilities from exposing this data), and the abuse aspects (giving hostile sites the ability to access all the user's devices if any are made available) would trump this. Surely we can rely on user agents to provide nice UIs. -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] Media sink device selection on audio/video
On Mon, Apr 07, 2014 at 07:28:45PM +0200, Harald Alvestrand wrote: On 04/07/2014 06:20 PM, Ian Hickson wrote: When I was first desigining the API for WebRTC (years ago, before it got rather unceremoniously forked by the W3C), the security design I had come up with was basically that the UA would show a panel of devices, and the user would drag-and-drop them into the page to give the page access to them. (Or equivalent UI, e.g. tapping on the relevant device icons to activate them for the page.) This was considered, but rejected. The consensus opinion at WebRTC and MediaCapture seemed to be that the ability to let an app say which of these 5 microphones do you want? is more amenable to creating good apps than leaving this UI to the browser chrome. If the app disregards or misunderstands the user's input, what keeps it from using the wrong microphone? How do I disconnect a microphone from an app? How do I know which microphones are connected to which apps? Ian's proposal seems to offer this visibility and control to the user. Dave -- David Young dyo...@pobox.comUrbana, IL(217) 721-9981
Re: [whatwg] Media sink device selection on audio/video
On Mon, 3 Mar 2014, Ami Fischman wrote: Looks like we're back in business: Latest editor's draft: http://dev.w3.org/2011/webrtc/editor/getusermedia.html Thanks. As a user, this scares me a lot. Why isn't it up to me to control this? I don't understand the security model here at all. I don't want random Web pages to know that they can pipe audio to the remote speakers in my bedroom from my laptop, but if we just expose all the audio output devices, that's exactly what will be possible. Without a much clearer security model, I don't think it's a good idea to add any APIs. -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] Media sink device selection on audio/video
Ian, On Fri, Feb 7, 2014 at 4:55 PM, Ian Hickson i...@hixie.ch wrote: Can you let us know when there's a URL that will permanently hold the latest (including day-to-day updates) spec? Looks like we're back in business: Latest editor's draft: http://dev.w3.org/2011/webrtc/editor/getusermedia.html Cheers, -a
Re: [whatwg] Media sink device selection on audio/video
On Wed, 18 Dec 2013, Ami Fischman wrote: On Wed, Dec 18, 2013 at 8:38 PM, Ian Hickson i...@hixie.ch wrote: On Tue, 17 Dec 2013, Ami Fischman wrote: Recently https://www.w3.org/Bugs/Public/show_bug.cgi?id=23263 Navigator acquired the ability to enumerate media output devices (in addition to input devices): http://dev.w3.org/2011/webrtc/editor/getusermedia.html#enumerating-devices What's the privacy story for this API? I don't follow public-media-capture but the spec above says: The method must only return information that the script is authorized to access (TODO expand authorized). That should probably be resolved before we start integrating other specs with the API, since without a solid privacy story, the API might change radically. In fact, looking at the spec again today, I can't find anything about enumerating anything. (Indeed, the word enumerating doesn't appear in that spec.) Am I missing something? There doesn't seem to be a table of contents either... Anyone know the status of that spec? -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] Media sink device selection on audio/video
Ian, The link you're looking at is currently being used to focus the WG's attention on the Constrainable business, which is why everything else has disappeared. This is temporary :) See http://lists.w3.org/Archives/Public/public-webrtc/2014Feb/.html for the haps, and the previous editor's draft ( http://dev.w3.org/2011/webrtc/editor/archives/20131225/getusermedia.html) for the pieces of the spec discussed in this thread here. Cheers, -a On Fri, Feb 7, 2014 at 2:28 PM, Ian Hickson i...@hixie.ch wrote: On Wed, 18 Dec 2013, Ami Fischman wrote: On Wed, Dec 18, 2013 at 8:38 PM, Ian Hickson i...@hixie.ch wrote: On Tue, 17 Dec 2013, Ami Fischman wrote: Recently https://www.w3.org/Bugs/Public/show_bug.cgi?id=23263 Navigator acquired the ability to enumerate media output devices (in addition to input devices): http://dev.w3.org/2011/webrtc/editor/getusermedia.html#enumerating-devices What's the privacy story for this API? I don't follow public-media-capture but the spec above says: The method must only return information that the script is authorized to access (TODO expand authorized). That should probably be resolved before we start integrating other specs with the API, since without a solid privacy story, the API might change radically. In fact, looking at the spec again today, I can't find anything about enumerating anything. (Indeed, the word enumerating doesn't appear in that spec.) Am I missing something? There doesn't seem to be a table of contents either... Anyone know the status of that spec? -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] Media sink device selection on audio/video
On Fri, 7 Feb 2014, Ami Fischman wrote: The link you're looking at is currently being used to focus the WG's attention on the Constrainable business, which is why everything else has disappeared. This is temporary :) See http://lists.w3.org/Archives/Public/public-webrtc/2014Feb/.html for the haps, and the previous editor's draft ( http://dev.w3.org/2011/webrtc/editor/archives/20131225/getusermedia.html) for the pieces of the spec discussed in this thread here. Ah. Well, I can't reference a spec that's that unstable. :-) Can you let us know when there's a URL that will permanently hold the latest (including day-to-day updates) spec? Cheers, -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Re: [whatwg] Media sink device selection on audio/video
On Sun, Jan 12, 2014 at 8:47 PM, Philip Jägenstedt phil...@opera.comwrote: [...] Do you mean to make this per-origin as well? (It will require storing that information per-origin forever, or until some invisible timeout.) That seems about as restrictive as one could make it, but is the API going to actually be useful in this state? Sure, why not? Canonical use-case: webrtc-using video-chat webapp allows the user to select between speakers, wired headset, or bluetooth headset for its audio output; the webapp already has gUM permission so now it can use getMediaDevices() to enumerate output sinks and use the proposal here to route the remote audio feed to the desired device. Cheers, -a
Re: [whatwg] Media sink device selection on audio/video
On Tue, Jan 14, 2014 at 5:51 AM, Ami Fischman fisch...@chromium.org wrote: On Sun, Jan 12, 2014 at 8:47 PM, Philip Jägenstedt phil...@opera.com wrote: [...] Do you mean to make this per-origin as well? (It will require storing that information per-origin forever, or until some invisible timeout.) That seems about as restrictive as one could make it, but is the API going to actually be useful in this state? Sure, why not? Canonical use-case: webrtc-using video-chat webapp allows the user to select between speakers, wired headset, or bluetooth headset for its audio output; the webapp already has gUM permission so now it can use getMediaDevices() to enumerate output sinks and use the proposal here to route the remote audio feed to the desired device. OK, so a site that has been given access to any device using getUserMedia can then enumerate all devices using getMediaDevices? I interpreted devices to which the user has already granted access through getUserMedia in the most restrictive (per-origin, per-device) way possible... Philip
Re: [whatwg] Media sink device selection on audio/video
Hmm; I wasn't thinking in terms of per-device, only per-origin and per-browser/machine. Seems like a conversation for public-media-capture? On Mon, Jan 13, 2014 at 3:30 PM, Philip Jägenstedt phil...@opera.comwrote: On Tue, Jan 14, 2014 at 5:51 AM, Ami Fischman fisch...@chromium.org wrote: On Sun, Jan 12, 2014 at 8:47 PM, Philip Jägenstedt phil...@opera.com wrote: [...] Do you mean to make this per-origin as well? (It will require storing that information per-origin forever, or until some invisible timeout.) That seems about as restrictive as one could make it, but is the API going to actually be useful in this state? Sure, why not? Canonical use-case: webrtc-using video-chat webapp allows the user to select between speakers, wired headset, or bluetooth headset for its audio output; the webapp already has gUM permission so now it can use getMediaDevices() to enumerate output sinks and use the proposal here to route the remote audio feed to the desired device. OK, so a site that has been given access to any device using getUserMedia can then enumerate all devices using getMediaDevices? I interpreted devices to which the user has already granted access through getUserMedia in the most restrictive (per-origin, per-device) way possible... Philip
Re: [whatwg] Media sink device selection on audio/video
Perhaps :) I'm not on that list, but am fine leaving this to people who have stronger opinions than me on the issue. On Tue, Jan 14, 2014 at 6:36 AM, Ami Fischman fisch...@chromium.org wrote: Hmm; I wasn't thinking in terms of per-device, only per-origin and per-browser/machine. Seems like a conversation for public-media-capture? On Mon, Jan 13, 2014 at 3:30 PM, Philip Jägenstedt phil...@opera.com wrote: On Tue, Jan 14, 2014 at 5:51 AM, Ami Fischman fisch...@chromium.org wrote: On Sun, Jan 12, 2014 at 8:47 PM, Philip Jägenstedt phil...@opera.com wrote: [...] Do you mean to make this per-origin as well? (It will require storing that information per-origin forever, or until some invisible timeout.) That seems about as restrictive as one could make it, but is the API going to actually be useful in this state? Sure, why not? Canonical use-case: webrtc-using video-chat webapp allows the user to select between speakers, wired headset, or bluetooth headset for its audio output; the webapp already has gUM permission so now it can use getMediaDevices() to enumerate output sinks and use the proposal here to route the remote audio feed to the desired device. OK, so a site that has been given access to any device using getUserMedia can then enumerate all devices using getMediaDevices? I interpreted devices to which the user has already granted access through getUserMedia in the most restrictive (per-origin, per-device) way possible... Philip
Re: [whatwg] Media sink device selection on audio/video
On Thu, Dec 19, 2013 at 2:45 PM, Ami Fischman fisch...@chromium.org wrote: On Wed, Dec 18, 2013 at 8:38 PM, Ian Hickson i...@hixie.ch wrote: On Tue, 17 Dec 2013, Ami Fischman wrote: Recently https://www.w3.org/Bugs/Public/show_bug.cgi?id=23263 Navigator acquired the ability to enumerate media output devices (in addition to input devices): http://dev.w3.org/2011/webrtc/editor/getusermedia.html#enumerating-devices What's the privacy story for this API? I don't follow public-media-capture but the spec above says: The method must only return information that the script is authorized to access (TODO expand authorized). A narrow reading of that authorized would be devices to which the user has already granted access through getUserMedia though I don't want to put words in that group's mouth. Do you mean to make this per-origin as well? (It will require storing that information per-origin forever, or until some invisible timeout.) That seems about as restrictive as one could make it, but is the API going to actually be useful in this state? Philip
Re: [whatwg] Media sink device selection on audio/video
On Tue, 17 Dec 2013, Ami Fischman wrote: Recently https://www.w3.org/Bugs/Public/show_bug.cgi?id=23263 Navigator acquired the ability to enumerate media output devices (in addition to input devices): http://dev.w3.org/2011/webrtc/editor/getusermedia.html#enumerating-devices What's the privacy story for this API? It would be nice to allow media elements to direct their output to such an output device. The primary use-case is to allow app UI/script to select which audio output device should play the audio track of a video or audio tag (wired speakers, bluetooth headset, etc.). Seems reasonable. Is any other browser vendor interested in implementing something to address this? -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
