On Fri, Oct 24, 2014 at 3:56 PM, Robert O'Callahan <[email protected]> wrote:
> On Sat, Oct 25, 2014 at 6:17 AM, Ehsan Akhgari <[email protected]> wrote:
>
> > Can we keep track of where the stream comes from, and make sure to taint
> > the images that can come out of them similar to the way that we taint cross
> > origin images by default to prevent them from being read back on the
> > client? I think with that, and a prompting similar to the camera prompting
> > of getUserMedia, we may address a good chunk of these issues. (But
> > admittedly I haven't thought very carefully about this yet.)
>
> This is hard because normally you want to transmit these screenshots or
> sequence of screenshots somewhere. If an app is transmitting them, it can
> probably capture them at the other end.
>
> I guess a permissions approach with an always-on reminder that your screen
> is being captured can probably work.

Unfortunately, for the reasons I mentioned in the post I linked to above, it's hard for the user to give informed consent here, as they don't understand SOP, CSRF, etc.

-Ekr

_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform

