Re: [w3ctag/design-reviews] API for display-capturing the current tab (#625)

> A hybrid API - getCurrentBrowsingContextMedia - is deemed necessary in order to offer some of the benefits of getViewportMedia without its elevated security requirements. This hybrid API will allow the application to signal its preference for capturing the current tab. The browser will then offer the current tab as the first option to the user, but will still offer unlimited choice of capture sources (see image below). The unlimited choice of sources makes this new API compliant with the requirements of getDisplayMedia.

An application signal does not alleviate the _"elevated security requirements"_ if the application is malicious; it defeats them.

The [getDisplayMedia](https://w3c.github.io/mediacapture-screen-share/#dom-mediadevices-getdisplaymedia) API deters social engineering: _"User Agents are encouraged to warn users against sharing_ browser _display devices as well as_ monitor _display devices where browser windows are visible, or otherwise try to **discourage their selection on the basis that these represent a significantly higher risk when shared**."_ ¹

Providing malicious applications with a method that does exactly what they need seems like a bad idea.

I also worry it would undermine adoption of [getViewportMedia](https://github.com/w3c/mediacapture-screen-share/issues/155) which requires sites to isolate to have this ability, specifically to mitigate this threat, which [Chrome Security agrees is significant](https://github.com/w3c/mediacapture-screen-share/issues/155#issuecomment-812009563).

---
<sub>1. See the [questionnaire.md](https://github.com/w3c/mediacapture-screen-share/blob/gh-pages/questionnaire.md#24-how-does-this-specification-deal-with-sensitive-information) and subsequent links for details of these unobvious threats on the same-origin policy from sharing web surfaces under attacker control.</sub>

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/625#issuecomment-840699606

Received on Thursday, 13 May 2021 17:08:19 UTC