- From: Tim Panton via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Jun 2022 10:29:22 +0000
- To: public-webrtc-logs@w3.org
As to a specific risk - one I have in mind goes like this:

A major Video Conference app chooses to offer a server based webAPI for co-operating web apps to submit their cropTargets (to avoid cross origin issues). Perhaps it even penalises sites that don't with a user warning or something.

Now suddenly every app that ever wants to be capable of being screenshared without the warning will have to (_speculatively_ because it can't know the user intent to capture it) _always_ send cropTargets to the video conference server's API for _every_ user session - even if this user has never and will never use that conference server. As a reward the conference app gets detailed usage stats for all screen-shareable apps.

This is not a good thing IMHO and we should not set up a situation which permits such leverage.

None of this happens with an opaque token because unless the user actually has a session with the videoconference app, there is nowhere to post message the token to, so no stats can be collected.

--
GitHub Notification of comment by steely-glint
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1165437485 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 24 June 2022 10:29:23 UTC