Re: Screen capture

On 1/31/2013 5:06 PM, Harald Alvestrand wrote:
> On 01/31/2013 11:00 PM, Martin Thomson wrote:
>> Actually, I got some really good feedback on this feature in a
>> discussion last night.  The security concerns over giving access to a
>> screen capture are pretty serious.  There is a very good reason that
>> applications are prevented from sampling any part of the page that is
>> not from the same origin.  Screen capture would circumvent that.  It
>> may be that a simple user confirmation/permission question is
>> insufficient to convince some people that capture is safe to permit
>> for this reason.
>>
>> It's actually very simple.  I load an iframe to your bank, using your
>> login cookie, briefly display some highly sensitive resource, capture
>> the screen, ???, profit.
>>
>> I knew this was a problem, but I didn't realize the strength of the 
>> reaction.
>
> It's exactly the same problem as a remote control interface like 
> PCAnywhere.
> Many people find those creepy (and with some justification).

There's an unfortunate intersection between "tools that do things people 
really want/need" and "tools that can be used for evil".  :-(

Screen sharing (window, tab) is really useful.  It's in Hangouts, Vidyo, 
and many other such tools already.  Windows "Remote assistance"?  
Windows "Remote Desktop"?

It enables important use-cases (see above), like Help Desk functions, 
helping your computer-phobic parent untangle themselves, etc.

But the security concerns are real and in this case broader generally 
than the above (re Martin's example).  On the other hand, there's a 
trust barrier aspect:  all the above existing uses require some trust (a 
lot more than this really) be granted to the app.  Any sort of 
desktop/plugin install inherently gets more permission and more ability 
to snoop than Martin's example.

If you install Skype desktop, you've generally given it permission to do 
almost anything nasty from a privacy perspective.  Ironically on 
Windows/etc (but not Android - I hope!), you've given your solitaire 
program the same rights.
-- 
Randell Jesup
randell-ietf@jesup.org

Received on Tuesday, 5 February 2013 12:32:22 UTC