W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Mon, 25 Nov 2013 12:18:46 -0500
Message-ID: <52938676.7080706@bbs.darktech.org>
To: public-webrtc@w3.org

If I remember correctly, Google was concerned about someone embedding 
screen capturing in an iframe, so you'd be browsing your banking data 
but someone would be watching. But again, I don't see how this is any 
different from someone opening a webcam.


On 25/11/2013 12:12 PM, piranna@gmail.com wrote:
> Screen sharing can have in the practical end the same security
> concerns that a full-screen webapp, so I think that showing an alert
> about "screen sharing is currently being done, accept?" in the same
> way that happens when enabling full-screen would be enough.
> 2013/11/25 Rob Manson <robman@mob-labs.com>:
>> What session was that in?  And is there an official announcement somewhere?!
>> 8(
>> roBman
>> On 26/11/13 3:56 AM, cowwoc wrote:
>>> Hi,
>>> In the WebRTC World conference Justin Uberti mentioned that Chrome (and
>>> Firefox too?) will be moving screen sharing out of Javascript, requiring
>>> developers to publish a browser extension per application that wishes to
>>> screen-share. The logic behind it was that malicious app could be banned
>>> from the app store.
>>> One thing I didn't understand (and was not explained) is why screen
>>> sharing is substantially more security-sensitive than webcam sharing? I get
>>> the fact that someone could use screen sharing to snoop on my banking
>>> activity, but how is this any more security sensitive than knowing what I
>>> look like and where I live? If the security dialog is good enough for webcam
>>> sharing, why is it not good enough for screen sharing?
>>> And finally, couldn't you simply require the use of SSL for this feature
>>> and then ban malicious applications based on their certificate? Requiring
>>> the download of an extension is almost like requiring a browser plugin for
>>> WebRTC. I'd like to avoid it if at all possible.
>>> Thanks,
>>> Gili
Received on Monday, 25 November 2013 17:19:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:51 UTC