Beef up privacy and security section with regards to the various risks related to the different surfaces #211

Open
youennf opened this issue Mar 17, 2022 · 2 comments
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response.

Comments

@youennf
Collaborator

youennf commented Mar 17, 2022

This is especially important since new APIs allow web pages to influence user selection.

@eladalon1983
Member

@youennf, could you please clarify what is missing?

@youennf
Collaborator Author

youennf commented Sep 1, 2022

We are adding things like preselecting getDisplayMedia browser tab pane or disabling focus to the captured area.
As I said in the past, it would be good to assess and mention the risks of such new features.
For instance, these two features might typically ease attacks where the capturer is capturing a tab that is not visible to the user and that it can navigate to arbitrary origins without the user knowing it.

It seems we could beef up browser tab risks:

  • Mention risks specific to tabs. For instance, self-tab capture is less risky than other same-origin tab capture.
  • Mention that if a captured tab is navigating to a new origin (or maybe is loading third-party content), it might be good to present this information to the user, and maybe temporarily disable capture until the user decides what to do with it.

IIRC, Chrome is for instance pausing getDisplayMedia capture if the captured tab is navigating to another domain.
Chrome might have more protections like this and it would be good if the Chrome team could document these protections.
