[mediacapture-screen-share] Capture-current-tab: Managing capture-ability by cross-origin embedder as opt-in vs. opt-out (#156) from Elad Alon via GitHub on 2020-12-16 (public-webrtc-logs@w3.org from December 2020)

From: Elad Alon via GitHub <sysbot+gh@w3.org>
Date: Wed, 16 Dec 2020 09:57:55 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-768657674-1608112674-sysbot+gh@w3.org>

eladalon1983 has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== Capture-current-tab: Managing capture-ability by cross-origin embedder as opt-in vs. opt-out ==
An API for capturing the current tab, to be named getCurrentBrowsingContextMedia (or getTabMedia, or something similar), is [under discussion](https://github.com/w3c/mediacapture-screen-share/pull/148). Concerns have been expressed over how this could be used to circumvent the origin-isolation model, as well as harvest user data. Both @jan-ivar and I have made suggestions for ways to address the former of these two concerns. The most important difference between these two suggestion, IMHO, is whether the capture-ability of embedded resources by their embedder is opt-in or opt-out. ([Opt-in suggestion](https://github.com/w3c/mediacapture-screen-share/issues/155), [opt-out suggestion](https://docs.google.com/presentation/d/1CeNeno5XuDhm1mpnVyE9eT14YKZgZUtgQsJfC8uqEpA/edit#slide=id.gaef31c926d_1_6).) I suggest that we leave other threads to discuss the particulars of their respective proposals, and use this discussion thread to try and arrive at a decision over whether opt-in or opt-out is more appropriate.

In a discussion with a potential user of the proposed API, they have expressed that it would be prohibitively difficult for them to transition their very substantial application, which embeds plenty of cross-origin first- and third-party resources, into an opt-in model, and maintain it over time. The cost (and risks) are simply too great, they tell me. They would simply not use the new API if it's opt-in.

It might be that an opt-in model would be superior from a theoretical security perspective. I am concerned that these gains would remain theoretical due to lack of adoption. It seems to me that the real choice is not between opt-in and opt-out. Rather, IMHO, the choice is between opt-out and no-feature, leaving native applications as the only way to support the intended use case .

I think it would be good if we could hear from other prospective users of this API. I will do my best to invite some, and I encourage everybody else to do the same.

Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/156 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 16 December 2020 09:57:57 UTC