- From: cowwoc <cowwoc@bbs.darktech.org>
- Date: Tue, 26 Nov 2013 04:07:08 -0500
- To: public-webrtc@w3.org
- Message-ID: <529464BC.3030605@bbs.darktech.org>
On 26/11/2013 3:42 AM, Harald Alvestrand wrote: > On 11/26/2013 09:09 AM, cowwoc wrote: >> Hi Justin, >> >> On 25/11/2013 6:58 PM, Justin Uberti wrote: >>> Others have already made the points I was going to, but I'll summarize: >>> - Screensharing is more dangerous than webcam access, because the >>> attacker can record the screen, AND control what is displayed on it. >> >> Agreed but only if you interpret screen-sharing as co-browsing. It is >> possible to limit screen-sharing to read-only screen recording, >> without the ability to control what is being displayed on it, in >> which case none of these security concerns exist. > > Gili, it's a JAVASCRIPT APPLICATION. > > What Javascript applications do in general is to control what the > browser shows on the screen. > > Unless you want to limit screencasting to 'casting everything EXCEPT > for the browser (a very marginal use case, and totally inconsistent > with everything people are currently deploying screencasting for), the > Javascript will be able to control whatever Javascript is usually able > to control. > > Please think this through. > Harald, You seem to be misunderstanding what I had in mind. I'm talking about the following: Alice opens bank.com in tab 1, screenshare.com in tab 2. She instructs the WebRTC application in tab 2 to screen-share tab 1. It is my understanding that Javascript cannot do cross-tab scripting, and as such we'd be safe. The cross-tab operation is being implemented by the browser, not Javascript. Gili
Received on Tuesday, 26 November 2013 09:08:12 UTC