- From: Steve Kann <stevek@stevek.com>
- Date: Tue, 26 Nov 2013 11:22:24 -0500
- To: Justin Uberti <juberti@google.com>, cowwoc <cowwoc@bbs.darktech.org>
- CC: Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
- Message-ID: <CEBA140A.4A75B%stevek@stevek.com>
Justin Uberti wrote:

> Others have already made the points I was going to, but I'll summarize:
> - Screensharing is more dangerous than webcam access, because the attacker can
>   record the screen, AND control what is displayed on it.
> - It only takes one frame to capture sensitive information - far less than
>   would be noticeable by a user.
> - Requiring unambiguous opt-in for sharing, and being able to remotely disable
>   bad actors, are therefore the best hope of security.

I'm following you and agree up until this point.

> - To opt in, the user will need to install an app or extension, and when
>   actually sharing, select the window/desktop to be shared from a consent box.
> - Installing through an app store is an explicit grant of trust by the user to
>   the application (similar to installing a desktop app). Visiting a web page is
>   not.

What you're saying here is that because of the wide scope of rights that may be granted here (one could argue that they are potentially as broad as those of installing a native application or bypassing sandbox rules entirely), we want to have strong, informed user consent, and the ability for curation (i.e. vendor-managed whitelisting or blacklisting).

But doesn't your proposed mechanism ultimately take these consent mechanisms outside of the scope of WebRTC, and force developers to develop, submit, and manage things through many proprietary mechanisms (chrome app store, Apple Developer program, Microsoft Store, etc etc)?

Wouldn't it be better to standardize this as well, so that developers can build a standards-compliant WebRTC application, which supports this capability - safely?

It feels like we're punting here, and saying that anything having to do with screen-savings can't be webrtc, it needs to be proprietary.

-SteveK
Received on Wednesday, 27 November 2013 07:09:05 UTC