- From: Justin Uberti <juberti@google.com>
- Date: Fri, 29 Nov 2013 20:56:37 -0800
- To: cowwoc <cowwoc@bbs.darktech.org>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
- Message-ID: <CAOJ7v-1n8Z-AoqExgC+FYC+EQFfWOMiSZhepebqzmuRC3pic0Q@mail.gmail.com>
On Thu, Nov 28, 2013 at 9:07 PM, cowwoc <cowwoc@bbs.darktech.org> wrote:

> On 28/11/2013 9:42 PM, Martin Thomson wrote:
>
> On Nov 28, 2013 9:13 AM, <stephane.cazeaux@orange.com> wrote:
>
> It was proposed in this thread to have a consent box displayed every
> time an application wants to make screen sharing, where this consent box
> would force the user to select what will be shared (whole screen, one
> application, etc …) without possibility to simply accept.
>
> I hope that you mean 'force' in the right sense here. Modal dialog windows
> are well understood as producing poor outcomes.
>
> After reading the whole thread, I don’t understand what the Chrome Apps
> model solves that would not be solved by this proposition. Is it possible
> to have a summary of the main arguments?
>
> For reasons underlying the above, I don't believe that this model would
> get the desired results. All arguments in favour of any 'just ask the user'
> don't seem to appreciate the seriousness of the threat when weighed against
> the difficulty of obtaining truly informed consent.
>
> In discussions I had with the UX designers on IE, they listed several
> guiding principles, most relevant being: never ask a user any question with
> consequences that are not immediately obvious. In this discussion, no
> proponent of 'just ask the user' has properly addressed this concern.
>
> I remain opposed to any solution that allows an application to put such a
> question in front of a user.
>
> With all due respect, when a user gets an email linking them to a video of
> kittens it doesn't matter one ounce whether you ask them to install a
> plugin or click through a consent dialog on the website itself. They will
> click through anything just so they can get back to watching kittens. Do
> you honestly believe that your typical grandparent will benefit from one
> approach over the other? They're not stupid. They simply have better things
> to do with their time than learning about computer security.
>
> Until someone provides us with concrete figures showing that users respond
> to one form of dialog better than another I consider this all hearsay. It's
> silly that people are arguing with such conviction about what is more
> secure when in reality this conversation isn't based on facts, it's based
> on gut feelings. The only fact that we know for sure is that users suffer
> from security warning fatigue.

Since the current opinion of the current implementors, if not the whole WG, is that there is a significant difference (see http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07, S 5.2), the onus is on you to provide evidence to the contrary.

Such a demonstration would be a pretty significant indictment of the Chrome extension security model <http://blog.chromium.org/2009/12/security-in-depth-extension-system.html>, and could even qualify for a reward under the Chrome bug bounty program <http://www.google.com/about/appsecurity/reward-program/>.

Received on Saturday, 30 November 2013 04:57:25 UTC