Re: Why does screen sharing require a browser extension? from Justin Uberti on 2013-11-25 (public-webrtc@w3.org from November 2013)

From: Justin Uberti <juberti@google.com>
Date: Mon, 25 Nov 2013 15:58:27 -0800
To: cowwoc <cowwoc@bbs.darktech.org>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <CAOJ7v-1gJGgAxNemn-nxL1SH3GdjeB7YvCNo59cWuhMNJHYL+w@mail.gmail.com>

Others have already made the points I was going to, but I'll summarize:
- Screensharing is more dangerous than webcam access, because the attacker
can record the screen, AND control what is displayed on it.
- It only takes one frame to capture sensitive information - far less than
would be noticeable by a user.
- Requiring unambiguous opt-in for sharing, and being able to remotely
disable bad actors, are therefore the best hope of security.
- To opt in, the user will need to install an app or extension, and when
actually sharing, select the window/desktop to be shared from a consent box.
- Installing through an app store is an explicit grant of trust by the user
to the application (similar to installing a desktop app). Visiting a web
page is not.


On Mon, Nov 25, 2013 at 12:23 PM, cowwoc <cowwoc@bbs.darktech.org> wrote:

> On 25/11/2013 3:20 PM, Martin Thomson wrote:
>
>> On 25 November 2013 12:13, cowwoc <cowwoc@bbs.darktech.org> wrote:
>>
>>> Pick colors which no one is color-blind to.
>>> Your friend *saw* the border, he just didn't know what it meant. I am
>>> willing to bet that if it pulsed, he'd definitely see it.
>>> If you add the alert icon with the tooltip as Java did, there would be no
>>> confusion as to the meaning of the border. I've used this feature live
>>> and I
>>> can tell you it was very easy to understand.
>>>
>> I'm fairly certain that doesn't work either.  The problem, of which I
>> provided a specific example, is something that I will call "chrome
>> blindness".  Users don't notice this stuff.  Despite 15+ years of
>> training, the lock icon still doesn't work as advertised.
>>
>
> But the border is flashing! :) Anyway, I'd argue an extension is even
> worse. You install it once and forget what it is actively recording. It
> might not be malicious but you could still mistakenly share some pretty
> embarrassing stuff.
>
>
>  How does requiring each app to publish a separate extension on Chrome
>>> Store
>>> scale any better?
>>>
>> Justin's example might scale, depending on how app stores are managed.
>>
>
> I don't get it then. What did you mean by "it doesn't scale" with respect
> to having the AppStore approve/ban SSL certificates associated with apps?
> After all, the way apps are approved in the first place is by signing them
> and approving the certificate. So how is this any different? This is just
> an AppStore where the user does not need to explicitly install an app. All
> other steps remains identical.
>
> Gili
>
>

Received on Monday, 25 November 2013 23:59:15 UTC