[mediacapture-screen-share-extensions] Prevent unintentional leaks (#6)

NDevTK has just created a new issue for https://github.com/w3c/mediacapture-screen-share-extensions:

== Prevent unintentional leaks ==
It seems currently this API exposes the contents of all website with just a attacker controlled navigation.

I think if websites had the global screen recording state maybe via navigator.mediaDevices.isRecording they would be able to implement privacy protections.

- Warning about a navigation causing emails to be listed when recording and using "Sec-Fetch-Site cross-site"
- Redact notifications (I think discord already attempts to detect screen recording on the desktop app)
- Allows banks to panic.

Should probably also be an option to bypass it.

I would be surprised if this was a valid issue and I did understand the API correctly.




Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share-extensions/issues/6 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 23 February 2024 08:50:50 UTC