W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Tue, 26 Nov 2013 18:46:03 -0500
Message-ID: <529532BB.3030401@bbs.darktech.org>
To: Martin Thomson <martin.thomson@gmail.com>
CC: Justin Uberti <juberti@google.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On 26/11/2013 6:37 PM, Martin Thomson wrote:
> On 26 November 2013 15:30, cowwoc <cowwoc@bbs.darktech.org> wrote:
>> That would work, but I don't like the fact that legitimate-capture.com has
>> to wait for bank.com to give it access to screen capture.
> That's a feature that I consider table stakes from a security perspective.
>> Banks are not
>> going to grant access to anyone but themselves and I question whether this
>> is really something banks should decide on behalf of the user.
> The content is the bank's.  Why should they not choose?  Certainly,
> they are in a better position to determine the worth of their content
> than their average user.

They probably are, but the practical implication of this approach is 
that you will only ever be able to screen-share bank.com using the 
bank's own app.

What happens for other websites, that never heard of this feature? If 
the default is "don't share" (similar to CORS) then I don't think this 
approach scales. I can't be expected to chase down every single website 
that a user might want to use my tool with, can I?

Let's say I buy your approach, there any way we can make this feature 
more usable for apps that don't know the lit of websites to be visited 
ahead of time? If not, I think it's going to used exclusively by 
specialized apps that access a very limited number of websites.

Received on Tuesday, 26 November 2013 23:47:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:52 UTC