Mozilla Labs is developing a Firefox add-on that lets web developers access a machine's local video and audio recording devices using a few lines of JavaScript. Known as Rainbow, this early prototype generates files in open formats, and these files can then be accessed via the HTML5 File APIs and moved onto a server. "There …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 29th October 2010 17:56 GMT Stu

Humm

Oh how quickly we forget the stories - specifically about the US high-school, taken to the cleaners for illicitly recording video from the webcams built into laptops lent to its pupils!

Thanks Moz, for creating yet another easy to use opening for hackers! More functionality, more functionality ... oh right, forgot about security again. Sorry.

0 9
1. Friday 29th October 2010 19:17 GMT Anonymous Coward
  
  The School was cleared
  
  Actually, the courts found in favour of the school - The pupils and parents lost, setting a worrying precedent which could well affect the development and usage of features like Mozilla are doing here.
  
  But they decided to try again in a civil case, and the school decided to end the matter by paying them off out of court, presumably in return for the parents and pupils accepting the court judgement and signing an admission that the school did nothing wrong. You can be sure if anyone says anything about it ever again, they'll be taken to the cleaners by the school for breaking the settlement agreement.
  
  With the law seemingly on the side of the voyeurs, I wonder how long it will be before sites like Facebook and Twitter include T&Cs that give them the right to access your microphone and webcam at any time, or Google's YouTube 'accidentally' roll out some live code that spies on everyone. Street View to watch the outside of your house and access your Wi-Fi, YouTube to watch from the inside and collate?
  
  3 0
  1. Saturday 30th October 2010 12:23 GMT copsewood
    
    A few lines of Javascript ...
    
    Of course if this makes it much easier to upload video and audio recordings to the web many people will use it. Functionality and ease of use always seems to take higher priority than the potential for privacy violation.
    
    But could you imagine anyone with a brain trusting closed source to implement something like this, given that the open source security coding can at least be audited, so users who obtain advice from those who do this auditing can have some idea of the difficulties involved in remote control abuse, and knowledge that problems once brought to light can be fixed without the need to involve a single vendor ?
    
    Yes of course the potential for abuse of something like this is massive, and in my view nothing with this kind of potential should be considered acceptable if implemented as closed source.
    
    0 0
2. Saturday 30th October 2010 12:23 GMT Shades
  
  RE: Humm
  
  Oh how quickly we forget anything that doesn't support our argument - Specifically about Adobe's Flash plug-in which, for years now, has been able to access webcams and microphones!
  
  Thanks Macromedia, for creating yet another easy to use opening for hackers! More functionality, more functionality ... oh right, forgot about security again. Sorry.
  
  Seriously though, as much as I hate to admit it, Mozilla probably recognises that Steve Jobs may have a point when he continually bashes Flash - it will become increasing irrelevant as HTML 5 (and successive built-in browser technologies/standards) becomes more commonplace and replaces more and more of Flash's capabilities. At the moment no browser, that I am aware of, has built-in support for webcams and microphones so what will become of the websites that use such peripherals once Flash is (hopefully) dead and buried? As far as I can see Mozilla is simply thinking ahead, in an attempt to further rid us of the blight that is Flash, but you're bashing them as if in-browser webcam/microphone access was their idea AND you know for fact that they are going to get the security wrong.
  
  0 1
  1. Monday 1st November 2010 10:42 GMT Mike G
    
    Flash haters are sooo boring
    
    The reason features like these come to html5 is because of the likes of Adobe and Flash innovating what's possible within a browser environment, many years ahead of what will ever be possible within the glacial pace of standards innovation. If Adobe continue to innovate ahead of of browser technology then there's no reason the advanced functionality they bring to the web can't be enjoyed for many more years, and continue to provide something for inveterate curmudgeon whingers like yourself to mewl about too.
    
    0 1
3. Saturday 30th October 2010 12:23 GMT Maty
  
  sure thing ...
  
  The security risk, I mean.
  
  Because at present a lot of this stuff is being delivered by Flash, and you generally only find 'Flash' and 'secure' in the same sentence with 'not' between them.
  
  And seriously, what have you got against more functionality?
  
  0 1
Friday 29th October 2010 19:17 GMT dogged

implying

> implying US High Schools know enough to put Firefox on their machines

4 0
Friday 29th October 2010 22:52 GMT kneedragon

M$ baiting.

Does anybody remember a couple of weeks ago, M$ was grated a patent on the use of hardware acceleration on video encoding in web browser plug ins? Any takers on where this is headed?

0 0
Saturday 30th October 2010 12:29 GMT ShaggyDoggy

Black masking tape

works for me (on the webcam)

0 0
1. Sunday 31st October 2010 10:13 GMT Francis Boyle
  
  Better still
  
  Make it compulsory that all built-in webcams have a sliding cover (or an activity light). Though please not one of those annoying mechanical shutter sounds you find on phones.
  
  0 0
Saturday 30th October 2010 22:42 GMT Anonymous Coward

Ouch baby Ouch!

Well, you got to grant ideas and insights where they blossom and the Google seems to be blossoming on this one.

What a nice way for ebay-ers to video stuff when they want or for You Tube-ers to do their thing.

And I suppose if it does a good and healthy (and popular) job on desktop-laptop-notebook format devices it will probably do equally well on Android (or iPhone or W7 P?)

1 0
1. Monday 1st November 2010 10:36 GMT Shades
  
  Is it just me...
  
  ...or does the above comment make no sense?
  
  // Stop icon because there isn't a "confused" one.
  
  0 0
Monday 1st November 2010 10:35 GMT Glen Turner 666

You don't look at a website, the website looks at you.

You can search for the URL portions of almost any IP CCTV system and find thousands of unsecured cameras. Making it millions doesn't seem that clever.

Common DNS typos will insert JavaScript to turn on the camera and proxy you to the real site.

Banks will insist that any camera works and will photograph you when doing banking transactions. So cyber criminals will start wearing balaclavas at the keyboard.

I very much hope that "robust" means "off, unless you explicitly say so for a particular HTTPS or DNSSEC identified web site". But using a vague word like "robust" makes me suspect otherwise.

Paris, because sex tapes will now be possible without either participant knowing, just from taking your phone from your pockets before your pants hit the floor. I wonder if the next generation of phone covers will obscure the camera (as well as insulate the antenna).

0 0
Monday 1st November 2010 10:42 GMT Winkypop

Duct tape

Is your friend...

0 1
Monday 1st November 2010 10:42 GMT Christian Berger

Now we only need peer-to-peer communications

And Skype will finally die.

0 0