W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: Lorenzo Miniero <lorenzo@meetecho.com>
Date: Wed, 27 Nov 2013 18:51:03 +0100
To: Justin Uberti <juberti@google.com>
Cc: cowwoc <cowwoc@bbs.darktech.org>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <20131127185103.0ad984b0@lminiero>
Il giorno Wed, 27 Nov 2013 09:10:13 -0800
Justin Uberti <juberti@google.com> ha scritto:

> On Wed, Nov 27, 2013 at 1:46 AM, Lorenzo Miniero
> <lorenzo@meetecho.com>wrote:
> 
> > Il giorno Wed, 27 Nov 2013 00:34:46 -0800
> > Justin Uberti <juberti@google.com> ha scritto:
> >
> > > I disagree completely.
> > >
> > > Allowing the installation of apps that have unlimited access to
> > > the system did cause the computing world to end, in a sense. We
> > > tried that, and the result was systems plagued with spyware, and
> > > the creation of the whole anti-virus industry. Thankfully, this
> > > philosophy has now been discredited, and replaced with approaches
> > > that through various mechanisms (ACLs, sandboxing, curation, etc)
> > > aim to protect their users as a top priority. That is what Chrome
> > > (amongst others) is doing, and will continue to do.
> > >
> > > I understand that having access to screen sharing is a highly
> > > desired feature. But there are real issues here, and no amount of
> > > scary text in the dialog box is going to make this safe for
> > > arbitrary pages on the drive-by web.
> > >
> > > So we have made our decision for the initial rollout of this
> > > functionality. In M33, the rules are as I describe - accessible
> > > only via extensions or apps, and for window/desktop sharing, a
> > > user prompt for all sharing requests. We'll ship this code,
> > > people will use it, we'll get feedback - and we'll go from there.
> > >
> >
> >
> > I still don't have a clear opinion on this, as I'm trying to make my
> > mind about this, and so I really don't have alternatives ready, but
> > I have a question (well maybe two). Would this app/extension be
> > associated with a specific domain? that is, would YourCompany
> > publish such an app to allow window/desktop sharing when the
> > page/javascript comes from yourcompany.com, or would it be in
> > general a service provided to JavaScript developers that may make
> > use of it? I guess it's the former, but in that case, can I use
> > window/desktop sharing in localhost or on a LAN, e.g., for testing
> > purposes? The proposed model seems to suggest I wouldn't be able to
> > do so.
> >
> 
> The publisher of the extension can control which domains can talk to
> it. See
> http://developer.chrome.com/extensions/manifest/externally_connectable.html.
> This would allow you to make your extension available to
> yourcompany.com, as well as development machines on
> *.corp.yourcompany.com. (Note that *.com and other wide-reaching
> wildcards are not permitted.)
> 
> There is also the Chrome flag parameter to force on the screen-sharing
> feature for testing purposes
> (chrome://flags/#enable-usermedia-screen-capture).


Ok, so the flag to do it anyway (just for testing, of course) would
still be there. Thanks for the clarification.

Lorenzo
Received on Wednesday, 27 November 2013 17:51:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:36 UTC