- From: Elad Alon via GitHub <sysbot+gh@w3.org>
- Date: Fri, 16 Apr 2021 21:22:18 +0000
- To: public-webrtc-logs@w3.org
Before I dive into the security discussion - if your position happens to be "I would support this if we just add the requirements of isolation and opt-in," then I would be gratified to hear that explicitly. If that's the case, I think we can set to work on nailing down all of the other details, and leave this one particular topic for later. --- I am not sure yet if I am arguing for 1 or 3; this remains to be decided. Security is of course important, but it's always a trade-off between what we're willing to risk and what we're seeking to gain. I am not yet convinced that isolation + opt-in is a silver bullet that must be fired at every target. I think in some specific circumstances, other mechanisms can stand in. Have you read [this part](https://eladalon1983.github.io/mediacapture-screenshot/#dom-mediadevices-capturescreenshot) of my document, btw? Namely: 4. The user agent SHOULD inspect the DOM and return a rejected promise if suspicious behavior is detected. Some examples of suspicious behavior include: * An overlaid cross-origin iframe at an opacity that's likely to escape the user's notice. * An overlaid cross-origin iframe displayed inside the viewport using a suspicious size in a way that the user agent suspected might be intended to escape the user's notice. The above is a proposal for placing on the user agent the burden of detecting malicious behavior. The user agent can be as zealous in its application of this principle as it wishes, up to disallowing screenshots if any amount of opacity is utilized for anything that's not patently benign. Another mechanism I have there is this: * The user agent SHOULD add a random delay between when captureScreenshot() is called and when the screenshot is taken and presented to the user. This makes it harder for a malicious application to flash new content to the screen exactly at the time that the preview is presented to the user, thereby escaping the user's notice and gaining their approval of the screenshot based on the content they saw before the preview was presented. I am curious to hear your thoughts. -- GitHub Notification of comment by eladalon1983 Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-821570956 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 16 April 2021 21:22:20 UTC