Re: [w3ctag/design-reviews] API for capturing all screens (Issue #856)

> A risk I see that is not discussed in the explainer or the spec is users' responses to permission prompts being gamed

@torgo, a user cannot chance upon an arbitrary malicious site and be shown a dialog to share all their screens with that site. This API is restricted to origins allowlisted by the admin. That configuration should even be enough to forego a user-prompt altogether, if the user was warned earlier that the device might be subject to surveillance at any time, allowing them to walk away from the device rather than use it if they don't accept that.

That said, I believe other concerns (XSS) have prompted discussion of potentially moving this API off of the Web. @shangl would know the status of these and whether this TAG review request is still relevant.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/856#issuecomment-1639735184
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/856/1639735184@github.com>

Received on Tuesday, 18 July 2023 08:14:52 UTC