Unable to remember which camera to ALWAYS share
Categories
(Firefox :: Site Permissions, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox128 | --- | fixed |
People
(Reporter: peterbe, Assigned: abhishekmadan)
References
(Depends on 1 open bug, )
Details
Attachments
(1 file)
|
Reporter | |
Comment 1•10 years ago
|
||
|
||
Comment 5•7 years ago
|
||
|
||
Comment 6•7 years ago
|
||
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Comment 9•4 years ago
|
||
We also seem to be hitting this. Our scenario (Using FF 80.0.1):
-
Check if we have permissions to access any devices (no on fist time)
-
Do a GUM with {audio: true, video: true}
-
Select Camera B and Mic B (non defaults) in the browser dialog.
-
We get streams for CamB and MicB (so far so good).
-
We save CamB and MicB DeviceIds in a cookie
-
We start a new "call".
-
Check we have permissions to access any devices (which we do now since last call)
-
Do a GUM with
{audio: { deviceId: cookieValueOfLastUsedDevice(MicB) }, video: { deviceId: cookieValueOfLastUsedDevice(CamB) } } -
Get streams for MicA and CamA (defaults)
If in step 8 we do a {audio: { deviceId: { exact: cookieValueOfLastUsedDevice(MicB) } }, video: { deviceId: { exact: cookieValueOfLastUsedDevice(CamB) } } } We get an OverConstrainedError.
If in the first call we allowed permissions to access CamB and MicB,, when we come to next request them via an exact or even just by non-exact deviceId request we should get streams from CamB and MicB, and not the defaults of CamA and MicA.
Seems to be a persistence of Permissions issue. I'm not familiar with how Firefox deals with saving Permissions for specific devices? Does it save a generic "Yeah you have permissions to use a camera and mic, but we don't know which one?"
|
||
Comment 10•4 years ago
|
||
This issue is still an issue on Firefox 83.
This is an extremely serious privacy issue: it allows a website to, without authorisation, activate and record on a user's webcam. I discovered this issue when a website suddenly rendered a camera I'd never given it access to.
This is pretty much the scariest type of issue that can exist, from a consumer perspective.
Reproduction steps:
- Visit https://mozilla.github.io/webrtc-landing/gum_test.html.
- Select "camera" on that page.
- On Firefox, select a camera that is not the first. In my case, I selected a camera which has a physical lid on it.
- Select "Remember me decision".
- Reload the page.
- Click webcam again.
Actual behaviour
The website can now access another webcam -- one that does not have a lid, and points to a location that it not okay for this website to see.
Expected behaviour
Websites should not have access to a webcam if they have never been given authorisation by the user.
|
||
Comment 11•4 years ago
|
||
Still in issue in Firefox 85.0, Feb 2021.
In addition, this issue can be reproduced with one hardware webcam + one software webcam. The software "Logitech Capture" uses your hardware webcam to make a software webcam available called "Logi Capture". So your system will have a choice of 2 webcams available.
- Visit a website that will ask to use your webcam
- Firefox dialog appears, click the drop-down to select the software webcam ("Logi Capture" in this case)
- Click "Remember this decision" and click "Allow"
- Leave page and visit it again. Firefox will use the wrong webcam, and I can't find a setting to make it choose the correct webcam.
|
||
Comment 13•4 years ago
|
||
There's a lot of confusion here, all from an incorrect interpretation of ☐ Remember this decision (based on what it does).
The "decision" is not the device choice. Firefox cannot remember which device you chose for next time, because that's the job of the site in the web model. Well-behaved sites will remember the device you chose every time whether you check this box or not.
The "decision" is whether to ask permission every time for this device category (all cameras or all microphones). ☑ = no more prompts = Chrome.
Untangling multiple issues from this confusion:
- Site bugs (comment 0, comment 1, comment 11) — Well-behaved sites remember your choice even if you leave
☐blank, as well as offer a ⚙️ settings page where you can switch devices. Fix your sites. Not a Firefox bug. - Pilot error — comment 9 works for me with https://jsfiddle.net/jib1/e89jp3hv. I suspect a bug in the example's cookie parsing.
- Mismatched expectation — comment 10 expected Firefox to persist permission per-device. This is a great idea, but would be a new feature. Firefox is already the only browser to implement per-device permission, but only if you leave
☐blank. It's all or nothing today; a tradeoff.
Options I see:
- Close this as works as intended
- Focus this issue on clarifying the UX. E.g.
☑ Ask every time(inverting the logic) though this still doesn't clear up one vs. all. - Focus this issue on requesting that Firefox implement persistent per-device permission, either instead of or in addition to persist all (Chrome).
|
||
Comment 14•4 years ago
|
||
(In reply to Jan-Ivar Bruaroey [:jib] (needinfo? me) from comment #13)
Options I see:
- Close this as works as intended
The intention is for the user to understand the decision they make in response to the prompt, but users are not understanding, so option 2 at least would be addressing a defect.
"When asking the user’s permission, the User Agent MUST disclose whether permission will be granted only to the device chosen, or to all devices of that kind."
- Focus this issue on clarifying the UX. E.g.
☑ Ask every time(inverting the logic) though this still doesn't clear up one vs. all.
This may be the issue in duplicates bug 1315890, bug 1410421, bug 1598359, and bug 1627744.
A solution could be as simple as changing the label on the check box. Options might include:
- Apply this permission to all microphone/camera devices
- Apply Block/Allow to all microphone devices
Or perhaps multiple buttons or radio-buttons, instead of a single checkbox:
- Allow
- Block
- Always allow all microphone devices
- Always block
- Focus this issue on requesting that Firefox implement persistent per-device permission, either instead of or in addition to persist all (Chrome).
Yes, perhaps, or
4. Remember the choice made for each unique ordered list of "preferred" speakers, and provide a way to change or reset the decisions, and fix 2, or
5. Fix bug 1713292 and fix 2.
|
||
Comment 15•3 years ago
|
||
The severity field for this bug is relatively low, S3. However, the bug has 6 duplicates.
:pbz, could you consider increasing the bug severity?
For more information, please visit auto_nag documentation.
|
|
||
Updated•3 years ago
|
|
|
||
Comment 17•1 year ago
|
||
The severity field for this bug is set to S3. However, the following bug duplicate has higher severity:
- Bug 1889003: S2
:pbz, could you consider increasing the severity of this bug to S2?
For more information, please visit BugBot documentation.
|
|
||
Comment 18•1 year ago
|
||
Clarifying the status quo by updating the checkbox string would be a good first step.
Perhaps something like "Remember this choice for all <cameras|microphones|speakers>". Though that could(?) suggest that if you don't select the checkbox that you're granting a persistent allow for that specific device. Jeff, do you have a suggestion on how we could improve the prompt language to not suggest to users that they're granting permission for a specific device only, but for all devices of that category (e.g. all cameras)? See comment 13 for a good summary.
As a next step I'm curious how much we'd increase friction if we supported per-device persistent grants. This seems acceptable to me. For the implementation: We already support per-device temporary permissions so introducing persistent ones seems feasible. To keep the permission management UI simple we could collapse multiple per-device permissions of the same device type into one and clear all of them when the user clears the entry.
|
||
Comment 19•11 months ago
|
||
My proposal would be to change the 1st string to:
Allow <url> to use this <device category>?
<device name>
and then change the text box to
Allow all <plural device category>
|
|
||
Comment 20•11 months ago
|
||
(In reply to Jeff Pfaller from comment #19)
My proposal would be to change the 1st string to:
Allow <url> to use this <device category>?
<device name>and then change the text box to
Allow all <plural device category>
Thanks for the great suggestion Jeff! For the checkbox I'm concerned that the string doesn't really convey that it's a persistent choice. What do you think?
|
|
||
Comment 21•11 months ago
|
||
How about "Always allow all <plural device category>"
|
|
||
Comment 22•11 months ago
|
||
Works for me! Jib, I think this copy change would be a strict improvement. At least we would describe the current behavior better. Do you agree?
|
|
||
Comment 23•11 months ago
•
|
||
Did we mean to s/your/this/? Also note that the most common case is to prompt for both camera and microphone. So that would presumably look like:
Allow jan-ivar.github.io to use your camera and microphone?
📹 FaceTime HD Camera
🎙️ MacBook Pro Microphone☐ Always allow all cameras and microphones
Do I have that right?
|
|
||
Comment 24•11 months ago
|
||
Alas, I just remembered: The ☐ Remember this decision also needs to work for the Block action, i.e. the ✅ makes it a persistent block instead of just a temporary one.
How would we handle that?
|
|
||
Comment 25•11 months ago
|
||
You're right.. I completely missed that somehow. Jeff, can I request your expertise again?
Something like "Remember for all cameras and microphones" / "Remember for all cameras?" / ...
|
|
||
Comment 26•11 months ago
|
||
That would work for me at least.
|
|
||
Comment 27•11 months ago
•
|
||
Yes, I think that works!.
Remember for all <plural device category>
|
|
||
Updated•11 months ago
|
|
|
||
Updated•11 months ago
|
|
Assignee | |
Comment 28•10 months ago
|
||
|
||
Updated•10 months ago
|
|
|
||
Updated•10 months ago
|
|
|
||
Updated•10 months ago
|
|
||
Comment 29•10 months ago
|
||
|
||
Comment 30•10 months ago
|
||
| bugherder | ||
Description
•