This thread was posted by one of our members via one of our news source trackers.
Corresponding tweet for this thread:
Share link for this tweet.
This is interesting… I didn’t know you could screen-share via Safari - potential security risk?
*Goes to see how I can turn this off at a sys level…
All of these are the so-called web APIs. They can do a ton of stuff…
Have you used it at all Dimi? Are they separate tools or one and the same?
I wouldn’t mind so much if that perm ONLY allows access to the webpage that you are on at that exact time, but if they can see the entire screen then this is a needless security risk and can’t see why Apple thought it’s a good idea. I hope the system settings in my screengrab override the browser permission if it does in fact share the whole screen as it’s basically the same thing in that case.
I wonder if we should ask Jeffrey Paul to look into this
Nope, I didn’t, but I started getting security conscious in the last year or so and started looking at what browsers can do. It’s crazy. They are almost an OS at this point. These efforts that the browsers can do everything should be severely dialled back at some point!
…or just controlled at the OS/user level.
Tbh I have been thinking a lot about how intrusive tech is becoming - from what companies glean from all that data they compile about us to the actual data they collect (often without our knowledge). Perhaps the only way to rectify this is going to be by campaigning for better laws
Remember that extensions installed in the browser have more permissions then they should and they can do a lot of harm in the hands of the wrong developers.
Its a know issue the some well intention-ed extensions get acquired and then start to spy on you or steal your data.
Do you use a popular browser extension? How confident are you that the creator wouldn’t accept a $10k offer to hand it over only to have it then go rogue on you? https://twitter.com/nikolaihampton/status/1037449795604905985
Oh, I know all of that. Sadly.
But the industry doesn’t want to move away from that model. Nobody wants to pay for a better platform developed from scratch. Nobody even wants to pay for a browser platform with most of the OS privileges taken away.