Re: Why does screen sharing require a browser extension?

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Wed, 27 Nov 2013 15:34:37 -0500
Message-ID: <5296575D.6010708@bbs.darktech.org>
To: Martin Thomson <martin.thomson@gmail.com>, Steve Kann <stevek@stevek.com>
CC: Justin Uberti <juberti@google.com>, Lorenzo Miniero <lorenzo@meetecho.com>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>

On 27/11/2013 2:41 PM, Martin Thomson wrote:
> On 27 November 2013 10:38, Steve Kann <stevek@stevek.com> wrote:
>> After reading through some more of this thread, allowing remote keyboard
>> mouse events doesn’t actually seem that much more dangerous than allowing an
>> app which can view the screen to also be able to operate the browser (the
>> case of navigating to the bank, and capturing the display).
> If you believe that, I don't really know what I can say to convince
> you otherwise.  I don't know how I can prevent an app with remote
> control privileges from - for example - deleting all my files.  Or
> looking at them, or modifying them.  (That includes my SSH private
> key, my tax files, my password safe, you name it).  I think that I can
> prevent an app from accessing sudo-protected administration functions.
>   Maybe.  But that's not much consolation.
>
> I won't say categorically that I won't be supportive of remote control
> functions, but until someone presents a MUCH stronger set of
> safeguards, I do not believe that user consent is sufficient
> protection.  You are going to need to do a lot better than entreaties
> to "think of the poor application designer".

I think we want to support "remote control by user" versus "remote 
control by remote application". It's a lot harder to pull off malicious 
behavior when it's done manually by a user (e.g. the problem with hidden 
iframes disappears). The problem is I can't think of a way to differentiate 
between the two :)

Gili
Received on Wednesday, 27 November 2013 20:35:52 UTC