- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Wed, 13 Nov 2024 08:34:31 +0000
- To: public-webrtc-logs@w3.org
jan-ivar has just created a new issue for https://github.com/w3c/mediacapture-surface-control:

== [Capture control] Address click-jacking concerns ==

In https://github.com/w3c/mediacapture-screen-share-extensions/issues/14#issuecomment-2435351548 ~we seem to agree~/lists serious click-jacking concerns [that] remain with this API.

> Undesirable behaviors:
> - Attempts to click-jack scrolling input from the user, through techniques such as
> - div covering entire page
> - transparent element
> - element following the mouse
> - element larger than visible preview video
> - element not visible to the user
> - Attempts to induce over-scroll
> - no preview video
> - delayed preview video
> - inauthentic preview video

Also https://github.com/w3c/mediacapture-screen-share-extensions/issues/14#issuecomment-2437850738:

> - Pop a video element where the user was already scrolling.
> - Have the video already there, but obscured by another element, then remove the obscuring element.

[IMHO] Permission prompts have shown to be useless in explaining click-jacking threats to users. If users can't understand the risk then we have not obtained [meaningful consent](https://w3ctag.github.io/design-principles/#consent). As such, permission does not seem sufficient as a remedy to these attacks.

The spec needs to address this:

- by documenting risks and approaches under security considerations
- provide design recommendations to implementers to disable forwarding when click-jacking is suspected
- choose API designs that help user agents mitigate these risks, such as
  - limit scope of functionality to live, user-visible and stable video playback (e.g. of a preview area)

Please view or discuss this issue at https://github.com/w3c/mediacapture-surface-control/issues/41 using your GitHub account

-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 13 November 2024 08:34:33 UTC
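
The recommendation in the issue above, to disable forwarding when click-jacking is suspected and to limit scope to live, user-visible and stable preview playback, can be sketched as a user-agent-side gate. This is an added example, not part of the original message, the spec, or any browser's code; the snapshot fields, function names and thresholds are all hypothetical assumptions.

```javascript
// Added illustration, not spec text or browser code. All names are hypothetical.
const MIN_STABLE_MS = 1000; // assumed threshold, not taken from the issue
const MIN_OPACITY = 0.99;   // assumed threshold

const area = r => Math.max(0, r.right - r.left) * Math.max(0, r.bottom - r.top);
const intersect = (a, b) => ({
  left: Math.max(a.left, b.left), top: Math.max(a.top, b.top),
  right: Math.min(a.right, b.right), bottom: Math.min(a.bottom, b.bottom),
});
const contains = (r, p) =>
  p.x >= r.left && p.x < r.right && p.y >= r.top && p.y < r.bottom;

// s describes the element under the pointer when wheel input arrives.
// Returns reasons to withhold forwarding; an empty array means forward.
function forwardingConcerns(s, now) {
  const reasons = [];
  if (!s.isVideo || !s.playingLiveCapture) reasons.push("no-live-preview");
  if (s.opacity < MIN_OPACITY) reasons.push("transparent");
  const visible = intersect(s.rect, s.viewport);
  if (area(visible) === 0) reasons.push("not-visible");
  else if (area(visible) < area(s.rect)) reasons.push("larger-than-visible-area");
  if (s.occluders.some(o => contains(o, s.pointer))) reasons.push("obscured");
  if (now - s.lastGeometryChange < MIN_STABLE_MS) reasons.push("moved-or-popped-recently");
  if (now - s.lastOcclusionChange < MIN_STABLE_MS) reasons.push("revealed-recently");
  if (now - s.firstFramePainted < MIN_STABLE_MS) reasons.push("preview-too-new");
  return reasons;
}

// Constructed sample: a stable, fully visible live preview (times in ms).
const STABLE_PREVIEW = {
  isVideo: true, playingLiveCapture: true, opacity: 1,
  rect: { left: 100, top: 100, right: 500, bottom: 400 },
  viewport: { left: 0, top: 0, right: 1280, bottom: 720 },
  occluders: [], pointer: { x: 200, y: 200 },
  lastGeometryChange: 0, lastOcclusionChange: 0, firstFramePainted: 0,
};
// Constructed sample: the same preview inserted under the pointer 200 ms ago.
const POPPED_PREVIEW = { ...STABLE_PREVIEW, lastGeometryChange: 4800, firstFramePainted: 4800 };

console.log(forwardingConcerns(STABLE_PREVIEW, 5000));
console.log(forwardingConcerns(POPPED_PREVIEW, 5000));
```

A preview that has never painted a frame can be modelled by setting `firstFramePainted` to `Infinity`, which always yields `preview-too-new`.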