Difference between revisions of "User:Ms7821/Security theatre"

Revision as of 16:43, 25 April 2011

Background

Currently webcams are easy to access on any device, simply by knowing the URL.

This is a cause of concern for some members, for some/all of the following reasons:

People just don't like webcams
It's difficult to justify the loss of privacy to visitors
Temptation to use the webcams to work out why something happened
Imbalance of power - those in the space don't necessarily know who can see them

Note that the last two are seen by some as advantages, due to their deterrent effect.

The following people requested for it to be members only

Names given are common username and email name.

Montyphy	Monty
TheHypnotist	Morris
SamLR	Sam Cook
Russss	Russ Garrett
layer1gfx	Chris
SheraDreaming	Lauren
roberthl	Robert Leverington

The following people requested it be left public

Renski	Darren McDonald
ms7821	Mark Steward
dmi	David Ingram
Paul2	Paul Dart
elliot_w	Elliot West
solexious	Charles Yarnold
earthshine	Mike McRoberts
srimech	Jim MacArthur
dirkx	Dirk-Willem van Gulik
tajasel	Katie Sutton
tomwyatt	Tom Wyatt
Phil	Phil Roy
v21	George Buckenham
varoudis	Tasos Varoudis

The following people requested a new shareable URL

Sunkzero	Darren Hubbard
eb4890	Will Pearson
Eithin	Sam Kelly
TheHypnotist	Morris

Implementation of limiting to members

I hope rearranging the cameras will be enough, but if not, here's how the members-only limit might work without causing too much disruption:

Logged in user visits webcam page
Auth cookie is checked; user is given a long-lived cookie with auth details
User is redirected to current URL with key (random)
Current URL with key can be distributed

Periodically, current URL changes

When current URL key is wrong, long-lived cookie is checked and user reauthenticated
If user is still active, user is redirected to current URL with key
If not, user is invited to ask on IRC

This of course does nothing to protect against a member who shares their password, forwards the streams, or writes an API to make the URL available to the wider world. But it does mean we can graph how often the links are shared with outside members.

@@ Line 1: / Line 1: @@
+==Background==
 Currently webcams are easy to access on any device, simply by knowing the URL.
+This is a cause of concern for some members, for some/all of the following reasons:
+* People just don't like webcams
+* It's difficult to justify the loss of privacy to visitors
+* Temptation to use the webcams to work out why something happened
+* Imbalance of power - those in the space don't necessarily know who can see them
+Note that the last two are seen by some as advantages, due to their deterrent effect.
 =====The following people requested for it to be members only=====
+Names given are common username and email name.
 {|
-| Montyphy || ?
+| Montyphy || Monty
 |-
 | TheHypnotist || Morris
@@ Line 63: / Line 75: @@
 |}
+==Implementation of limiting to members==
-Roberthl has already suggested a rearrangement of the cameras[http://imagebin.org/149815].
+I hope rearranging the cameras will be enough, but if not, here's how the members-only limit might work without causing too much disruption:
-I hope that's enough, but if not, here's how the members-only limit might work without causing too much disruption:
 * Logged in user visits webcam page
@@ Line 79: / Line 89: @@
-This of course does nothing to protect against a member who forwards the streams, or writes an API to make the URL available to the wider world.  But hey, it might stop a tiny bit of trolling.
+This of course does nothing to protect against a member who shares their password, forwards the streams, or writes an API to make the URL available to the wider world.  But it does mean we can graph how often the links are shared with outside members.