W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Date: Wed, 27 Nov 2013 14:43:07 +1100
Message-ID: <CAHp8n2k8KcreekjGUyW+th28cxLhyrZkd4qPxPxuz6CJtAn=rw@mail.gmail.com>
To: Justin Uberti <juberti@google.com>
Cc: cowwoc <cowwoc@bbs.darktech.org>, Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On Wed, Nov 27, 2013 at 11:35 AM, Justin Uberti <juberti@google.com> wrote:
> The fundamental thing about an app install is that it is a metaphor that is
> fairly well understood. If you install, say, Skype, you are by that action
> granting it permission to Do Things On Your Behalf, things that could not be
> done prior to said install.
>
> The screensharing app/extension install is similar, only with the additional
> benefits of a) the app is still forced to ask the user which window to share
> and b) a mechanism for revocation, both of which allow detection and
> punishment of bad actors.
>
> I agree completely with Martin that safe-by-design needs to be our goal. For
> right now, I think the approach mentioned above provides the right balance
> of functionality and safety, at least until we understand more about how
> this API will be used. For those arguing for weaker security: given that
> users routinely turn over their credentials to phishers, how confident are
> you that all users would click "Cancel" when confronted with some random web
> page that pops up a screenshare chooser?

If the screenshare chooser provides some information such as "Warning:
only click ok if you agree to give the website access to your desktop"
 I think it can be made to work.

WebRTC without native screen sharing is not living up to its
potential, so I'd like to find a way to make this work asap.

Cheers,
Silvia.
Received on Wednesday, 27 November 2013 03:43:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:36 UTC