Re: [mediacapture-screen-share-extensions] Consider dropping permission for captured surface control APIs (#14)

Thank you all for the continued and thoughtful discussion on this important issue.

I'm glad we agree that serious click-jacking concerns remain with this API. To address them, I've filed [issue #24](https://github.com/w3c/mediacapture-screen-share-extensions/issues/14#24) so we can collaboratively work on mitigating them.

I agree with @youennf that adopting a cautious and protective approach by adding features progressively is prudent. In the long term, I believe that user agents shouldn't rely solely on user consent — especially when that consent may not be fully informed due to the complexities of risks like click-jacking. Instead, we should aim to build robust protections directly into the technology.

However, I understand that browsers may need time and practical experience to develop effective safeguards against click-jacking attacks introduced by these new features.

As a compromise, I'm open to considering the inclusion of a permission prompt in the short term, provided we can agree that our long-term goal is to eliminate the need for it once adequate mitigations are in place.

@eladalon1983 makes a good point that vendors can choose to grant this permission by default once they feel confident in their protective measures. Once all browsers reach that level of confidence, we should be able to deprecate the permission or at least reduce its implementation cost.

That said, I would prefer if the inclusion of permission doesn't dictate the API shape.

E.g. if prompting on first scroll is undesirable, what if @youennf's proposed API triggered a prompt and instant NotAllowedError?
```js
try {
  videoElement.enableGestureForwarding = true; // triggers a prompt and fails instantly
} catch (e) {
  if (e.name != "NotAllowedError") throw e; // rethrow anything other than the permission failure
  console.log(videoElement.enableGestureForwarding); // false
}
```

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share-extensions/issues/14#issuecomment-2447910745 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 30 October 2024 17:40:44 UTC