W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: Harald Alvestrand <harald@alvestrand.no>
Date: Tue, 26 Nov 2013 09:42:29 +0100
Message-ID: <52945EF5.5060905@alvestrand.no>
To: public-webrtc@w3.org
On 11/26/2013 09:09 AM, cowwoc wrote:
> Hi Justin,
> On 25/11/2013 6:58 PM, Justin Uberti wrote:
>> Others have already made the points I was going to, but I'll summarize:
>> - Screensharing is more dangerous than webcam access, because the 
>> attacker can record the screen, AND control what is displayed on it.
> Agreed but only if you interpret screen-sharing as co-browsing. It is 
> possible to limit screen-sharing to read-only screen recording, 
> without the ability to control what is being displayed on it, in which 
> case none of these security concerns exist.


What Javascript applications do in general is to control what the 
browser shows on the screen.

Unless you want to limit screencasting to 'casting everything EXCEPT for 
the browser (a very marginal use case, and totally inconsistent with 
everything people are currently deploying screencasting for), the 
Javascript will be able to control whatever Javascript is usually able 
to control.

Please think this through.
Received on Tuesday, 26 November 2013 08:42:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:52 UTC