W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > March 2022

Re: [mediacapture-screen-share] Avoid Hall-of-Mirrors (#209)

From: youennf via GitHub <sysbot+gh@w3.org>
Date: Tue, 08 Mar 2022 08:35:42 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1061532563-1646728541-sysbot+gh@w3.org>
> Obfuscation is great. But it won't eliminate the need for `excludeCurrentTab`

Obfuscation is solving Hall-Of-Mirrors, which the issue is about.
I do not think we should do `excludeCurrentTab` with Hall-Of-Mirrors as the main motivation.
If `excludeCurrentTab` has other benefits, that is fine, let's file a dedicated issue about this idea and detail all its potential benefits and drawbacks.

> 1. What will an application that expects anything-but-current-tab (on Chrome) do when it gets current-tab-but-obfuscated (on Safari)?

Applications will need to deal with this even with `excludeCurrentTab`, say if selecting a window or screen.
Or are you saying `excludeCurrentTab` would forbid user selection of some surfaces? That would be a big change of doctrine.

With regards to security analysis, I think the current tab is a somewhat safer surface than other tabs controlled by the attacker: other tabs can be navigated while being captured, the current tab can only navigate iframes.

GitHub Notification of comment by youennf
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/209#issuecomment-1061532563 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 8 March 2022 08:35:44 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:56 UTC