The Media Streams API allows websites to access a user's microphone and camera with their permission. Most notably, video conferencing systems require this API to record audio and video for each participant.
Best practices in client applications
When client applications are given media permissions, they need to ensure that their service does not inadvertently expose user data. This can happen when the application enables a user's microphone or camera without explicit user interaction. In this case, a malicious website can exploit the permissions of the conferencing system by redirecting the user to it. The user's browser may then enable the camera, but send the media to a conference controlled by an attacker.
Differences between browsers
Despite privacy requirements being specified in detail, browsers behave differently. Users rely on the permission model of the browser and indicators in the browser for their privacy.
Requirements:
- Programming, JavaScript, Python
- Understanding of web protocols and standards
- Interest in web security
