Re: What is missing for building "real" services? from Silvia Pfeiffer on 2014-01-11 (public-webrtc@w3.org from January 2014)

From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Date: Sat, 11 Jan 2014 14:53:31 +1100
To: Eric Rescorla <ekr@rtfm.com>
Cc: Jan-Ivar Bruaroey <jib@mozilla.com>, public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
Message-ID: <CAHp8n2k=_4MeM8+mvuwozkK1LMi8VZKgC=_Y+m-GJ6j8OwBddw@mail.gmail.com>

On Sat, Jan 11, 2014 at 11:47 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> On Fri, Jan 10, 2014 at 4:22 PM, Silvia Pfeiffer
> <silviapfeiffer1@gmail.com> wrote:
>>
>> On 11 Jan 2014 06:55, "Jan-Ivar Bruaroey" <jib@mozilla.com> wrote:
>>>
>>> On 1/9/14 8:22 PM, Alexandre GOUAILLARD wrote:
>>>>
>>>> 3. See this entire e-mail as an expression of my frustration:
>>>> - yes, everybody agrees it s important
>>>> - yes, chrome as *an* implementation
>>>> - yes, we all agree it's sensitive, and there are a lot of identified
>>>> scenarii where things would go wrong.
>>>> but can we for the love of all the good things out there, not stay stuck
>>>> at the above three lines and come up with something, anything, that enable
>>>> it without a plugin or an extension (but with care and with some fences
>>>> around it to prevent).[...]
>>>>
>>>>
>>>> I certainly don't know enough about the subject even though I read all
>>>> the cited draft, specs and related discussion online, and I don;t have the
>>>> experience that some (most) of you guys here have. But It does not mean I
>>>> don't have a point. I also do not pretend to know enough, and I would have
>>>> no problem joining any kind of informal task force including chrome and
>>>> mozilla people, at anytime of the day or night (I'm 15 hours away from
>>>> pacific time) and try super hard to understand all aspects, if such a task
>>>> force was set up with the will to find a way to make it happen. I can even
>>>> code parts and/or dedicate staff to this. I just would like to see something
>>>> coming else than making a plugin.
>>>
>>>
>>> This is the task force. The place to solve this is here.
>>>
>>> It's not that hard to understand:
>>>
>>> A webpage today is allowed to manipulate content it cannot see. It can
>>> make your bank-account page dance across your screen, but it cannot see it.
>>> Screengrabbing is like giving it a mirror. With that mirror, it can target
>>> and grab all your online information in a flickeringly short second. Explain
>>> that to people.
>>
>> What happened to the idea of blacking out all tabs that don't have an
>> explicit permission set, e.g. something like a meets tag of
>> "screensharing=allow"? I thought that would mediate this issue.

Note: s/meets/meta/ (damned auto-correct).

> If by mediate you mean "cause web pages to look really bad when shared",
> then yes, it would...

No, it would only mean that those pages that are allowed to be
screenshared would look fine and those with private information (e.g.
bank account pages) would turn out as black, which I think would be
perfectly acceptable.

Silvia.

Received on Saturday, 11 January 2014 03:54:19 UTC