W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2013

Re: Why does screen sharing require a browser extension?

From: Justin Uberti <juberti@google.com>
Date: Fri, 29 Nov 2013 20:56:37 -0800
Message-ID: <CAOJ7v-1n8Z-AoqExgC+FYC+EQFfWOMiSZhepebqzmuRC3pic0Q@mail.gmail.com>
To: cowwoc <cowwoc@bbs.darktech.org>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On Thu, Nov 28, 2013 at 9:07 PM, cowwoc <cowwoc@bbs.darktech.org> wrote:

>  On 28/11/2013 9:42 PM, Martin Thomson wrote:
>
> On Nov 28, 2013 9:13 AM, <stephane.cazeaux@orange.com> wrote:
> > It was proposed in this thread to have a consent box displayed every
> time an application wants to make screen sharing, where this consent box
> would force the user to select what will be shared (whole screen, one
> application, etc …) without possibility to simply accept.
>
> I hope that you mean 'force' in the right sense here. Modal dialog windows
> are well understood as producing poor outcomes.
>
> > After reading the whole thread, I don’t understand what the Chrome Apps
> model solves that would not be solved by this proposition. Is it possible
> to have a summary of the main arguments?
>
> For reasons underlying the above, I don't believe that this model would
> get the desired results. All arguments in favour of any 'just ask the user'
> don't seem to appreciate the seriousness of the threat when weighed against
> the difficulty of obtaining truly informed consent.
>
> In discussions I had with the UX designers on IE, they listed several
> guiding principles, most relevant being: never ask a user any question with
> consequences that are not immediately obvious.  In this discussion, no
> proponent of 'just ask the user' has properly addressed this concern.
>
> I remain opposed to any solution that allows an application to put such a
> question in front of a user.
>
>
> With all due respect, when a user gets an email linking them to a video of
> kittens it doesn't matter one ounce whether you ask them to install a
> plugin or click through a consent dialog on the website itself. They will
> click through anything just so they can get back to watching kittens. Do
> you honestly believe that your typical grandparent will benefit from one
> approach over the other? They're not stupid. They simply have better things
> to do with their time than learning about computer security.
>

> Until someone provides us with concrete figures showing that users respond
> to one form of dialog better than another I consider this all hearsay. It's
> silly that people are arguing with such conviction about what is more
> secure when in reality this conversation isn't based on facts, it's based
> on gut feelings. The only fact that we know for sure is that users suffer
> from security warning fatigue.
>

Since the current opinion of the current implementors, if not the whole WG,
is that there is a significant difference (see
http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07, S 5.2), the
onus is on you to provide evidence to the contrary.

Such a demonstration would be a pretty significant indictment of the Chrome
extension security
model<http://blog.chromium.org/2009/12/security-in-depth-extension-system.html>,
and could even qualify for a reward under the Chrome bug bounty
program<http://www.google.com/about/appsecurity/reward-program/>
.
Received on Saturday, 30 November 2013 04:57:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:36 UTC