Re: Why does screen sharing require a browser extension? from cowwoc on 2013-11-29 (public-webrtc@w3.org from November 2013)

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Fri, 29 Nov 2013 00:07:26 -0500
To: public-webrtc@w3.org
Message-ID: <5298210E.6090108@bbs.darktech.org>

On 28/11/2013 9:42 PM, Martin Thomson wrote:
>
> On Nov 28, 2013 9:13 AM, <stephane.cazeaux@orange.com 
> <mailto:stephane.cazeaux@orange.com>> wrote:
> > It was proposed in this thread to have a consent box displayed every 
> time an application wants to make screen sharing, where this consent 
> box would force the user to select what will be shared (whole screen, 
> one application, etc …) without possibility to simply accept.
>
> I hope that you mean 'force' in the right sense here. Modal dialog 
> windows are well understood as producing poor outcomes.
>
> > After reading the whole thread, I don’t understand what the Chrome 
> Apps model solves that would not be solved by this proposition. Is it 
> possible to have a summary of the main arguments?
>
> For reasons underlying the above, I don't believe that this model 
> would get the desired results. All arguments in favour of any 'just 
> ask the user' don't seem to appreciate the seriousness of the threat 
> when weighed against the difficulty of obtaining truly informed consent.
>
> In discussions I had with the UX designers on IE, they listed several 
> guiding principles, most relevant being: never ask a user any question 
> with consequences that are not immediately obvious.  In this 
> discussion, no proponent of 'just ask the user' has properly addressed 
> this concern.
>
> I remain opposed to any solution that allows an application to put 
> such a question in front of a user.
>

With all due respect, when a user gets an email linking them to a video 
of kittens it doesn't matter one ounce whether you ask them to install a 
plugin or click through a consent dialog on the website itself. They 
will click through anything just so they can get back to watching 
kittens. Do you honestly believe that your typical grandparent will 
benefit from one approach over the other? They're not stupid. They 
simply have better things to do with their time than learning about 
computer security.

Until someone provides us with concrete figures showing that users 
respond to one form of dialog better than another I consider this all 
hearsay. It's silly that people are arguing with such conviction about 
what is more secure when in reality this conversation isn't based on 
facts, it's based on gut feelings. The only fact that we know for sure 
is that users suffer from security warning fatigue.

Gili

Received on Friday, 29 November 2013 05:08:40 UTC