- From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
- Date: Wed, 27 Nov 2013 14:43:07 +1100
- To: Justin Uberti <juberti@google.com>
- Cc: cowwoc <cowwoc@bbs.darktech.org>, Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On Wed, Nov 27, 2013 at 11:35 AM, Justin Uberti <juberti@google.com> wrote: > The fundamental thing about an app install is that it is a metaphor that is > fairly well understood. If you install, say, Skype, you are by that action > granting it permission to Do Things On Your Behalf, things that could not be > done prior to said install. > > The screensharing app/extension install is similar, only with the additional > benefits of a) the app is still forced to ask the user which window to share > and b) a mechanism for revocation, both of which allow detection and > punishment of bad actors. > > I agree completely with Martin that safe-by-design needs to be our goal. For > right now, I think the approach mentioned above provides the right balance > of functionality and safety, at least until we understand more about how > this API will be used. For those arguing for weaker security: given that > users routinely turn over their credentials to phishers, how confident are > you that all users would click "Cancel" when confronted with some random web > page that pops up a screenshare chooser? If the screenshare chooser provides some information such as "Warning: only click ok if you agree to give the website access to your desktop" I think it can be made to work. WebRTC without native screen sharing is not living up to its potential, so I'd like to find a way to make this work asap. Cheers, Silvia.
Received on Wednesday, 27 November 2013 03:43:56 UTC