W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 27 Nov 2013 11:41:59 -0800
Message-ID: <CABkgnnXMJtqpCOKGFbEUVi14jy1p8ob1CnvHWkBp=d=UQj0FCw@mail.gmail.com>
To: Steve Kann <stevek@stevek.com>
Cc: cowwoc <cowwoc@bbs.darktech.org>, Justin Uberti <juberti@google.com>, Lorenzo Miniero <lorenzo@meetecho.com>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On 27 November 2013 10:38, Steve Kann <stevek@stevek.com> wrote:
> After reading through some more of this thread, allowing remote keyboard
> mouse events doesn’t actually seem that much more dangerous than allowing an
> app which can view the screen to also be able to operate the browser (the
> case of navigating to the bank, and capturing the display).

If you believe that, I don't really know what I can say to convince
you otherwise.  I don't know how I can prevent an app with remote
control privileges from - for example - deleting all my files.  Or
looking at them, or modifying them.  (That includes my SSH private
key, my tax files, my password safe, you name it).  I think that I can
prevent an app from accessing sudo-protected administration functions.
 Maybe.  But that's not much consolation.

I won't say categorically that I won't be supportive of remote control
functions, but until someone presents a MUCH stronger set of
safeguards, I do not believe that user consent is sufficient
protection.  You are going to need to do a lot better than entreaties
to "think of the poor application designer".
Received on Wednesday, 27 November 2013 19:42:26 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:36 UTC