- From: jianjunz via GitHub <sysbot+gh@w3.org>
- Date: Mon, 19 Nov 2018 14:15:48 +0000
- To: public-webrtc-logs@w3.org
> I can imagine this becoming permissions-based system, where blocking event propagation is used to deny access to the shared content. Or the page could black out its content as a result of receiving the event. > > Why don't we instead tackle the question of whether we can or should ask sites for their permission before they are shared? In most cases, only a very small part of the page needs to be observed. E.g. password, payment info. > Screen sharing is inherently a user-driven feature. If a user wishes to share a web surface, I'm not sure why that's any of that web surface's business. I'm concerned such a feature could be used to subvert screen capture, going against the interest of users, creating unnecessary observer's paradox situations, if you will. > > I'd rather explore having user agents making such decisions, e.g. detect and blur username and password fields, to protect user privacy in a neutral way. I'm wondering if UAs are smart enough to make such decisions. Besides username and password, there might be some site specific sensitive information, such as product keys. Although screen sharing is initialized by user, some content in web pages are dynamically loaded, which is uncertain to the user. For instance, when someone opens a new tab and navigates to Github during screen sharing, he/she doesn't know what recent activities will shown. If there is sensitive information in recent activity, it should be obfuscated. -- GitHub Notification of comment by jianjunz Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/83#issuecomment-439906626 using your GitHub account
Received on Monday, 19 November 2018 14:15:50 UTC