W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: Justin Uberti <juberti@google.com>
Date: Wed, 27 Nov 2013 09:10:13 -0800
Message-ID: <CAOJ7v-1DJpFO7Bt+MaPyPFGc-oS0jj6f99CxYBxAXjUfi=kbAw@mail.gmail.com>
To: Lorenzo Miniero <lorenzo@meetecho.com>
Cc: cowwoc <cowwoc@bbs.darktech.org>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On Wed, Nov 27, 2013 at 1:46 AM, Lorenzo Miniero <lorenzo@meetecho.com>wrote:

> Il giorno Wed, 27 Nov 2013 00:34:46 -0800
> Justin Uberti <juberti@google.com> ha scritto:
> > I disagree completely.
> >
> > Allowing the installation of apps that have unlimited access to the
> > system did cause the computing world to end, in a sense. We tried
> > that, and the result was systems plagued with spyware, and the
> > creation of the whole anti-virus industry. Thankfully, this
> > philosophy has now been discredited, and replaced with approaches
> > that through various mechanisms (ACLs, sandboxing, curation, etc) aim
> > to protect their users as a top priority. That is what Chrome
> > (amongst others) is doing, and will continue to do.
> >
> > I understand that having access to screen sharing is a highly desired
> > feature. But there are real issues here, and no amount of scary text
> > in the dialog box is going to make this safe for arbitrary pages on
> > the drive-by web.
> >
> > So we have made our decision for the initial rollout of this
> > functionality. In M33, the rules are as I describe - accessible only
> > via extensions or apps, and for window/desktop sharing, a user prompt
> > for all sharing requests. We'll ship this code, people will use it,
> > we'll get feedback - and we'll go from there.
> >
> I still don't have a clear opinion on this, as I'm trying to make my
> mind about this, and so I really don't have alternatives ready, but I
> have a question (well maybe two). Would this app/extension be
> associated with a specific domain? that is, would YourCompany publish
> such an app to allow window/desktop sharing when the page/javascript
> comes from yourcompany.com, or would it be in general a service
> provided to JavaScript developers that may make use of it? I guess it's
> the former, but in that case, can I use window/desktop sharing in
> localhost or on a LAN, e.g., for testing purposes? The proposed model
> seems to suggest I wouldn't be able to do so.

The publisher of the extension can control which domains can talk to it.
This would allow you to make your extension available to yourcompany.com,
as well as development machines on *.corp.yourcompany.com. (Note that *.com
and other wide-reaching wildcards are not permitted.)

There is also the Chrome flag parameter to force on the screen-sharing
feature for testing purposes
Received on Wednesday, 27 November 2013 17:11:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:52 UTC