- From: cowwoc <cowwoc@bbs.darktech.org>
- Date: Tue, 26 Nov 2013 18:46:03 -0500
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: Justin Uberti <juberti@google.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On 26/11/2013 6:37 PM, Martin Thomson wrote: > On 26 November 2013 15:30, cowwoc <cowwoc@bbs.darktech.org> wrote: >> That would work, but I don't like the fact that legitimate-capture.com has >> to wait for bank.com to give it access to screen capture. > That's a feature that I consider table stakes from a security perspective. > >> Banks are not >> going to grant access to anyone but themselves and I question whether this >> is really something banks should decide on behalf of the user. > The content is the bank's. Why should they not choose? Certainly, > they are in a better position to determine the worth of their content > than their average user. They probably are, but the practical implication of this approach is that you will only ever be able to screen-share bank.com using the bank's own app. What happens for other websites, that never heard of this feature? If the default is "don't share" (similar to CORS) then I don't think this approach scales. I can't be expected to chase down every single website that a user might want to use my tool with, can I? Let's say I buy your approach, there any way we can make this feature more usable for apps that don't know the lit of websites to be visited ahead of time? If not, I think it's going to used exclusively by specialized apps that access a very limited number of websites. Gili
Received on Tuesday, 26 November 2013 23:47:03 UTC