enumerateDevices is exposing devices labels for origins that are granted access once

[youennf]

An origin may have had access once to getUserMedia.
In that case, the web page might have stored the list of available devices at that time including labels.
As per #559 (comment), all devices will then be exposed to that origin including labels.

This seems to include new devices for which labels were not exposed to the web page initially.
This is a leak of new information that is not really identified in the spec.

[alvestrand]

I believe exposing labels on new devices when one has access to labels for devices was a design choice.
My opinion: Either one should have access to all device labels, or to none.

[youennf]

My opinion: Either one should have access to all device labels, or to none.

I tend to agree.
As an implementor, I would go with 'none', which is unfortunately not spec compliant.
The fact that labels of new devices are leaked is not pointed out in the spec.
It could lead implementors to choose 'none' instead of 'all', should the spec allow both modes.

[youennf]

Reading again https://w3c.github.io/permissions/#media-devices, the spec seems like an implementation decision, in particular:
The UA MAY treat result as new information about the user’s intent with respect to the "device-info" permission for this realm and other realms with the same origin, provided it doesn’t violate the previous step.

Closing.