Security and privacy considerations
A User Agent implementation of this specification is advised to seek
user consent before initiating capture of content by microphone or
camera. This may be necessary to meet regulatory, legal and best
practice requirements related to the privacy of user data. In addition,
the User Agent implementation is advised to provide an indication to
the user when an input device is enabled and make it possible for the
user to terminate such capture. Similarly, the User Agent is advised to
offer user control, such as to allow the user to:
select the exact media capture device to be used if there exist
multiple devices of the same type (e.g. a front-facing camera in
addition to a primary camera).
disable sound capture when in the video capture mode.
This specification builds upon the security and privacy protections
provided by the [[HTML51]] and the
[[FILE-API]] specifications; in particular, it is expected that any
offer to start capturing content from the user’s device would require a
specific user interaction on an HTML element that is entirely
controlled by the user agent.
Implementors should take care to prevent additional leakage of
privacy-sensitive data from captured media. For instance, embedding the
user’s location in the metadata of captured media (e.g. EXIF) might
transmit more private data than the user is expecting.