Re: [mediacapture-screen-share] API for Grabbing a Screenshot (#160) from Elad Alon via GitHub on 2021-04-19 (public-webrtc-logs@w3.org from April 2021)

From: Elad Alon via GitHub <sysbot+gh@w3.org>
Date: Mon, 19 Apr 2021 18:34:26 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-822685739-1618857264-sysbot+gh@w3.org>

> > I am not sure yet if I am arguing for 1 or 3
> 
> @eladalon1983 This is making it hard to have a meaningful conversation about security

I suggest reading "I am not sure" as "I might conceivably end up agreeing with you fully by the time we reach this topic." I suggest that we use the working assumption that cross-site isolation and opt-in are requirements for this.

So far [you have agreed](https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-821562028) that captureScreenshot is lower risk than getViewportMedia if the same security requirements are applied. But you also [called the benefit "marginal"](https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-821686240) and did not agree captureScreenshot was even desirable. I think these are much more significant blockers for consensus than the specific security-gating for this feature. I think we should tackle this first.

In fact, here is my entire roadmap for building consensus here.
**1. Reach consensus that captureScreenshot is desirable; abort otherwise.**
2. Decide whether captureScreenshot should be allowed to capture on the current tab, or if it may also capture the current window. (In either case, avoid discussing monitor.)
3. Decide on specific security requirements to gate the API behind. (Note the dependence of this stop on the previous one.)

Let's not have the cart before the horse. Let's concentrate on the first bullet-point. Under the working assumption that we only capture the current tab's viewport, and that all security measures from getViewportMedia apply to captureScreenshot - do we agree that the screenshot API carries significant enough benefits to be discussed? Please recall:
1. The user gives permission that is inherently time-bound, unlike with gVM.
2. The user is **not** taught the "un-lesson" that sharing video is par for the course.
3. The user gets to scrutinize the single frame that is captured. (This implicitly hints to the user that this is a risky operation.) 
4. The user gets to crop and black-out sensitive content, including user-generated content unique to the site. (Thank you @guidou for the chat example.)


-- 
GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/160#issuecomment-822685739 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 19 April 2021 18:34:28 UTC