W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 25 Nov 2013 10:14:29 -0800
Message-ID: <CABkgnnXpUrM-eP-UZegcxQGMybQNWXBatiyNS0ky_63T9u7z-A@mail.gmail.com>
To: cowwoc <cowwoc@bbs.darktech.org>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 25 November 2013 08:56, cowwoc <cowwoc@bbs.darktech.org> wrote:
> One thing I didn't understand (and was not explained) is why screen sharing
> is substantially more security-sensitive than webcam sharing? I get the fact
> that someone could use screen sharing to snoop on my banking activity, but
> how is this any more security sensitive than knowing what I look like and
> where I live? If the security dialog is good enough for webcam sharing, why
> is it not good enough for screen sharing?

The difference between screen sharing and media is largely in the way
that users comprehend the security issues.  It's relatively easy to
understand what sharing your image or voice is going to do.  Most
people just get it straight away: "share the camera? yes/no" is a
pretty easy thing to understand.

Screen sharing seems obvious, but it is far from it.  Sharing what you
can see might seem safe, but when a site has the ability to frame in
content, capture it, then hide the frame, all without you noticing,
the secrets that they can steal are many.  Take the cross-site request
forgery tokens that many sites with strong security requirements put
in HTML (the target of BREACH attacks), adding an iframe with
view-source:https://... that briefly shows this would allow sites to
hijack sessions.  Add eye tracking from your camera, and your chance
of noticing the attack approaches zero.

You are not the only person to have asked this question, which makes
it obvious to me that asking users would be hugely irresponsible.  The
choice that Justin is making is a step in the right direction, but I
still believe it to be insufficient.

> And finally, couldn't you simply require the use of SSL for this feature and
> then ban malicious applications based on their certificate?

How exactly were you going to identify an application as malicious?
After they steal someone's life savings?  Keep in mind that it's only
the matter of milliseconds to stand up a new site with a new
certificate.
Received on Monday, 25 November 2013 18:15:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:36 UTC