- From: Jan-Ivar Bruaroey <jib@mozilla.com>
- Date: Sun, 12 Jan 2014 17:19:25 -0500
- To: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
- CC: public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
- Message-ID: <52D314ED.9070308@mozilla.com>
On 1/10/14 7:22 PM, Silvia Pfeiffer wrote: > > On 11 Jan 2014 06:55, "Jan-Ivar Bruaroey" <jib@mozilla.com > <mailto:jib@mozilla.com>> wrote: > > > > On 1/9/14 8:22 PM, Alexandre GOUAILLARD wrote: > >> > >> 3. See this entire e-mail as an expression of my frustration: > >> - yes, everybody agrees it s important > >> - yes, chrome as *an* implementation > >> - yes, we all agree it's sensitive, and there are a lot of > identified scenarii where things would go wrong. > >> but can we for the love of all the good things out there, not stay > stuck at the above three lines and come up with something, anything, > that enable it without a plugin or an extension (but with care and > with some fences around it to prevent).[...] > >> > >> > >> I certainly don't know enough about the subject even though I read > all the cited draft, specs and related discussion online, and I don;t > have the experience that some (most) of you guys here have. But It > does not mean I don't have a point. I also do not pretend to know > enough, and I would have no problem joining any kind of informal task > force including chrome and mozilla people, at anytime of the day or > night (I'm 15 hours away from pacific time) and try super hard to > understand all aspects, if such a task force was set up with the will > to find a way to make it happen. I can even code parts and/or dedicate > staff to this. I just would like to see something coming else than > making a plugin. > > > > > > This is the task force. The place to solve this is here. > > > > It's not that hard to understand: > > > > A webpage today is allowed to manipulate content it cannot see. It > can make your bank-account page dance across your screen, but it > cannot see it. Screengrabbing is like giving it a mirror. With that > mirror, it can target and grab all your online information in a > flickeringly short second. Explain that to people. > > What happened to the idea of blacking out all tabs that don't have an > explicit permission set, e.g. something like a meets tag of > "screensharing=allow"? I thought that would mediate this issue. > If it defaulted to "screensharing=disallow" then I would agree. But I like the idea. Is there no existing "possibly sensitive information" tag or formula we could key off of for a better default? A whitelist of bank sites? > Silvia. > .: Jan-Ivar :.
Received on Sunday, 12 January 2014 22:19:52 UTC