- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 25 Nov 2013 14:36:03 -0800
- To: Steve Kann <stevek@stevek.com>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 25 November 2013 13:51, Steve Kann <stevek@stevek.com> wrote: > [1] Speaking of control, I hope that we never, ever, ever provide a > site with the ability to control keyboard or mouse input. > > But isn’t this an incredibly valuable and powerful thing to do? Sure. To an attacker especially. Probably exclusively. All of the cases you have described are either better without control (co-browsing for instance, is better without using WebRTC at all for the "browsing" part), or addressed by having the local user provide the control. "no, the other left" is still going to be an issue, but less of an issue than: "we started screen sharing, then all of a sudden..." problems. I remain skeptical that anyone could ever devise UX sufficient to alleviate my concerns here. Feel free to try, of course.
Received on Monday, 25 November 2013 22:36:30 UTC