getUserMedia() is deprecated on insecure origins. When?

[DevelopDaily]

This warning message has been out for a while:

"getUserMedia() is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS."

Any updates? How near in the future would it happen?

I think it is quite unnecessary to put the getUserMedia() into the deprecation list on insecure origins. The most compelling case of the function is the WebRTC, which has already got the end to end security. The signalling systems that the WebRTC use have their own security. The getUserMedia() from a secure origin won't offer any extra security. I believe it would even give you some false sense of security because the party who requests the getUserMedia() over the HTTPs may not be necessarily a good guy. Ultimately, the end to end trust must be established between the peers over the WebRTC. A secure origin of the app won't help there, will it?

[PhistucK]

A malicious script can take photographs of you and submit them anywhere, or identify you by your face, or record your actions.

I do not know when, though.

☆PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

[DevelopDaily]

Just want you to know HTTPs/Certificates will not prevent malicious scripts from harming you. That is not what the HTTPs is designed for.

I think it is really important to know when it will be removed. 

[PhistucK]

While they will not prevent, it does provide some assurance regarding the identity of the website, or the third party scripts the website uses.

The site itself can be malicious, of course. But HTTP can be man in the middled easily, while HTTPS cannot (easily). You can go to your usually trusted website in HTTP and get a similarly looking website with malicious code instead. HTTPS better protects you from that.

☆PhistucK

On Tue, Aug 11, 2015 at 4:39 AM, DevelopDaily <c...@datacivilization.com> wrote:

Just want you to know HTTPs/Certificates will not prevent malicious scripts from harming you. That is not what the HTTPs is designed for.

I think it is really important to know when it will be removed. 

--

[Aanand Vats]

Its already deprecated from 10th december 2015

[PhistucK]

It is not deprecated anymore - it is completely disabled.

☆PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.

[kishore]

Yes I agree, if we run any script with get user media function in https enabled website then it's working fine

Sent from my Mi phone

[Marc]

I confirm even with https getUserMedia() don't work anymore. 

Where can i find the best alternative code for Chrome ?

thanks in advance

[Anton Vayvod]

See the blink-dev threads:

intent to deprecate -  https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2LXKVWYkOus/gT-ZamfwAKsJ

intent to remove - https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/Dsoq5xPdzyw/21znuLWVCgAJ

From my reading there's no workaround and the usage was considered too low to prevent the removal. The WebRTC team shared some concern but never got back with the specific examples of complaining customers.

[Marc]

thanks for your answer Anton

[Joel Weinberger]

Marc, if you're expiencing getUserMedia() not working with a Secure Context, that's a bug, and we'd appreciate if you would file that at https://crbug.com. However, please do verify that it's a Secure Context, which doesn't strictly mean just HTTPS, that it's not working on.

--Joel