[mediacapture-screen-share] Exclude Current Tab from Capture (#209) from Elad Alon via GitHub on 2022-02-22 (public-webrtc-logs@w3.org from February 2022)

From: Elad Alon via GitHub <sysbot+gh@w3.org>
Date: Tue, 22 Feb 2022 19:27:44 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-1147287233-1645558062-sysbot+gh@w3.org>

eladalon1983 has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== Exclude Current Tab from Capture ==
![Screen Shot 2022-02-22 at 20 23 23](https://user-images.githubusercontent.com/22117736/155203919-2baf80f4-2d83-4fc1-9f4a-fece11f43b0a.png)

**Accidental** self-capture is a common problem for video conferencing software. When users accidentally choose the tab in which the VC app is running, a Hall-of-Mirrors effect is produces, confusing users and derailing discussions with remote users. Eliminating this would improve the lives of users and Web-developers alike.

When `getDisplayMedia()` is called, the user agent is supposed to show an unconstrained list of all possible surfaces, and that includes the tab from which `getDisplayMedia` was called. However, members of this Working Group have in the past expressed a desire to exclude the current tab from this list, with the rationale that it's an attack-vector for bypassing origin separation. (That is to say - an application capturing itself can embed arbitrary content and see it.) I intend to propose a mechanism in this vein. The mechanism I am about to propose does **not** purport to address the security concern. But I argue that it offers **no degradation in security**.

The first option to consider is that browsers could simply eliminate the option without a change in spec. However, this solution is unlikely to be universally adopted, as some legitimate applications currently use self-capture, and some existing browser would be apprehensive of breaking them (e.g. Chrome).

We could (and should) step in and help bridge the gap, for the betterment of the Web platform. I propose the following:

Recall that `getDisplayMedia`'s argument is of type [DisplayMediaStreamConstraints](https://w3c.github.io/mediacapture-screen-share/#displaymediastreamconstraints). That is:
```webidl
partial interface MediaDevices {
  Promise<MediaStream> getDisplayMedia(optional DisplayMediaStreamConstraints constraints = {});
};
```

I propose that we extend [DisplayMediaStreamConstraints](https://w3c.github.io/mediacapture-screen-share/#displaymediastreamconstraints) with `excludeCurrentTab`:
```webidl
dictionary DisplayMediaStreamConstraints {
  (boolean or MediaTrackConstraints) video = true;
  (boolean or MediaTrackConstraints) audio = false;
  boolean excludeCurrentTab = ?;  // Default value - let's discuss.
};
```

If `excludeCurrentTab` is set to `true`, the user agent MAY/SHOULD/MUST exclude the current tab from the list of tabs.
If `excludeCurrentTab` is set to `false`, the user agent does as it wishes. (Chrome will include the current tab, as it does today, but other browsers are free to exclude the current tab either way.)


Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/209 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 22 February 2022 19:27:46 UTC