W3C home > Mailing lists > Public > public-webrtc@w3.org > April 2022

[mediacapture-screen-share] Consider exposing screen share state to websites. (#220)

From: NDevTK via GitHub <sysbot+gh@w3.org>
Date: Sun, 24 Apr 2022 12:54:25 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-1213647168-1650804863-sysbot+gh@w3.org>
NDevTK has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== Consider exposing screen share state to websites. ==
It seems currently this API exposes the contents of all website with just a attacker controlled navigation.

I think if websites had the global screen recording state maybe via navigator.mediaDevices.isRecording they would be able to implement privacy protections.

- Warning about a navigation causing emails to be listed when recording and using "Sec-Fetch-Site cross-site"
- Redact notifications (I think discord already attempts to detect screen recording on the desktop app)
- Allows banks to panic.

Should probably also be an option to bypass it.

I would be surprised if this was a valid issue and I did understand the API correctly.

Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/220 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 24 April 2022 12:54:26 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 24 April 2022 12:54:28 UTC