[mediacapture-screen-share] Consider exposing screen share state to websites. (#220)

NDevTK has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== Consider exposing screen share state to websites. ==
It seems currently this API exposes the contents of all website with just a attacker controlled navigation.

I think if websites had the global screen recording state maybe via navigator.mediaDevices.isRecording they would be able to implement privacy protections.

- Warning about a navigation causing emails to be listed when recording and using "Sec-Fetch-Site cross-site"
- Redact notifications (I think discord already attempts to detect screen recording on the desktop app)
- Allows banks to panic.

Should probably also be an option to bypass it.

I would be surprised if this was a valid issue and I did understand the API correctly.

Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/220 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 24 April 2022 12:54:26 UTC