- From: youennf via GitHub <sysbot+gh@w3.org>
- Date: Tue, 08 Mar 2022 08:35:42 +0000
- To: public-webrtc-logs@w3.org
> Obfuscation is great. But it won't eliminate the need for `excludeCurrentTab` Obfuscation is solving Hall-Of-Mirrors, which the issue is about. I do not think we should do `excludeCurrentTab` with Hall-Of-Mirrors as the main motivation. If `excludeCurrentTab` has other benefits, that is fine, let's file a dedicated issue about this idea and detail all its potential benefits and drawbacks. > 1. What will an application that expects anything-but-current-tab (on Chrome) do when it gets current-tab-but-obfuscated (on Safari)? Applications will need to deal with this even with `excludeCurrentTab`, say if selecting a window or screen. Or are you saying `excludeCurrentTab` would forbid user selection of some surfaces? That would be a big change of doctrine. With regards to security analysis, I think the current tab is a somewhat safer surface than other tabs controlled by the attacker: other tabs can be navigated while being captured, the current tab can only navigate iframes. -- GitHub Notification of comment by youennf Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/209#issuecomment-1061532563 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 8 March 2022 08:35:44 UTC