Hello blink-dev,
We’d like to ask for an extension to our Origin Trial, from M124 to M130. This is due to the dependency on isolated web apps.
https://github.com/screen-share/capture-all-screens/blob/main/README.md
https://screen-share.github.io/capture-all-screens
https://screen-share.github.io/capture-all-screens
https://github.com/screen-share/capture-all-screens/blob/main/README.md
Capture all the screens currently connected to the device using getAllScreensMedia(). Calling getDisplayMedia() multiple times requires multiple user gestures, burdens the user with choosing the next screen each time, and does not guarantee to the app that all the screens were selected. getAllScreensMedia() improves on all of these fronts. (As this feature has extreme privacy ramifications, it is only exposed behind an enterprise policy, and users are warned before recording even starts, that recording *could* start at some point.)
https://github.com/w3ctag/design-reviews/issues/856
Complete
GetAllScreensMedia
https://github.com/screen-share/capture-all-screens/issues
https://github.com/screen-share/capture-all-screens
This API is only available to origins allowlisted by administrators through a policy. The policy itself is non-standard, limiting even theoretical interoperability.This API rejects requests from pages that are not allow-listed through an administrator. The likelihood of this API being adopted by a browser that does not provide administrators mechanisms to manage clients is low.
Gecko: N/A
WebKit: N/A
Web developers: Positive (https://github.com/screen-share/capture-all-screens/issues/9)
Other signals:
No
The challenge for developers is the limitation of the API to origins allowlisted by an enterprise policy.
1. Risk of malicious sites exploiting the API and gaining access to sensitive information on users' devices. This risk is mitigated by the API only being accessible to origins allowlisted by an enterprise policy.
2. Risk of users loading private information that gets recorded and made available to apps affiliated with their device's admin. This risk is mitigated by informing users that recording might start at any moment before the API becomes accessible. (In CrOS, this warning is delivered in the log-in screen, and when users log-in despite the warning, this is tantamount to assent.)
3. Risk of users forgetting that their screens are being recorded. This risk is mitigated through a persistent notification.
Learn about the experience of web developers and how this API fulfills their needs.
This API will eventually be released for isolated contexts, which are delayed. Hence, we are asking for an extension of the origin trial.
No
This API is initially implemented on CrOS, where demand for it is greatest, and where we have the most flexibility in offering users early warning that their screens may be recorded if they proceed past the log-in screen. Lessons learned from shipping this API on CrOS will be used when deciding how to correctly implement such warnings on other platforms.
No, as WPTs don’t support setting of managed policies. The API is tested by a number of unit- and browser- tests (Test files).
https://github.com/screen-share/capture-all-screens/blob/main/HOWTO.md
enable-get-all-screens-media
None
None
True
https://issues.chromium.org/issues/40216442
https://launch.corp.google.com/launch/4201060
https://chromestatus.com/feature/6284029979525120
Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEdDZo9N354i6eST0x19TXwpeBtgs5_gJUYVF%2BTKLpiJySDADg%40mail.gmail.com
Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/6TRT0XsVOE4/m/NOm-YEQCAgAJ
Simon Hangl
Software Engineer
Google Germany GmbH
Erika-Mann-Straße 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Diese E-Mail ist vertraulich. Falls Sie diese fälschlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich bitte wissen, dass die E-Mail an die falsche Person gesendet wurde.
This e-mail is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person.
Hello blink-dev,
We’d like to ask for an extension to our Origin Trial, from M124 to M130. This is due to the dependency on isolated web apps.
Contact emails
Explainer
https://github.com/screen-share/capture-all-screens/blob/main/README.md
Specification
https://screen-share.github.io/capture-all-screens
Design docs
https://screen-share.github.io/capture-all-screens
https://github.com/screen-share/capture-all-screens/blob/main/README.md
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAP0TkgE%2B58Z59SF%3Dpbvrbx8ovaUFC8V0uki7bovVSKg6GAbxOg%40mail.gmail.com.
Hello blink-dev,
We’d like to ask for an extension to our Origin Trial, from M124 to M130. This is due to a dependency on isolated web apps, which are delayed.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAP0TkgF1BfhsLRadATibKed4vQUoV8_PqA_xUUZdXSSFcGZW%2Bw%40mail.gmail.com.
Any reason to not make it available for everyone? Asking for a friend.
Another thing, when extending experiments we want to see evidence of substantial progress on the feature so that it doesn't just roll along until it's burned in by pure inertia. Could you please tell us about the progress since the last extension?
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dad681d8-8adb-4530-bf59-3604c8bc5047n%40chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6aee109d-77a7-4a01-b4d9-3fcbb4e06b36n%40chromium.org.
Thanks for your response, Yoav. Please find my answers to your questions below:
ad 1) “Why not CSP + trusted types instead of IWAs”: We discussed this with Artur, who initially flagged the vulnerability here. We do enforce these requirements. The API is only exposed in contexts that meet certain requirements on client-side XSS mitigation. These are necessary but not sufficient, as server-side XSS remains a meaningful risk in the absence of the packaging/signing guarantees of IWAs. We're managing that risk during this experimental period via Enterprise policy requirements on the one hand, and OT registration on the other.
ad 2) “What happened between M124 and M128”: We did clarify with the Blink owners whether we could extend the origin trial until M136, to ensure partners can already work with the API followed by the transition to IWAs. The origin trial accidentally was created longer than the formal 6 milestones (see discussions here), which I realized after I applied for extension on this thread. While we did clarify whether we can extend the origin trial with the timelines above, I sincerely apologize for not following the formal process.
ad 3) “Progress towards shipping”: We acknowledge that with our approach we went beyond the intent of an origin trial. We did however check in advance with the Blink owners whether we could follow this approach due to exceptional circumstances in order to
get this API into the hands of selected web developers and
timebox the temporary solution through origin trial to make sure this API does not remain on the drive-by web.
The origin trial is essential to keep current developer momentum and grant enough time for the selected developers to prepare the API launch in context of IWA. Good evidence for progress towards shipping can be seen by the multitude of IWA related work to prepare the upcoming launch (IWA Launch).
I hope to have answered your questions sufficiently. Please let me know if you have any further concerns or follow-up questions.
LGTM2
/Daniel
Thank you for the quick response. Just one correction: the agreement contained an extension until (including) M136 (see my reponse above).
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2e564e02-03a0-463d-8e7b-ed622d12cb3dn%40chromium.org.
LGTM3 to extend experimentation up to and including M131, but no further. Like Vlad, I'd like to see clear evidence of significant progress before considering further extensions.I'm very unhappy with the way this OT was managed. I'm LGTMing as I don't want your partners to bear the costs, but I want to emphasize that my LGTM does not legitimize the following:
- Creating production reliance on an API while it's in OT.
- Doing the above while it's clear that it is not a safe API to ship.
- This is partially on us, the API owners. Artur's comment on that thread should have triggered us to un-LGTM that initial intent, and should have resulted in the original OT never landing. That would have avoided the mess we're in now.
- Multiple milestones where the OT ran without any public approval from the API owners.
Beyond that, it's still not 100% clear to me why IWAs negate Artur's concerns, but I guess that's something we'd discuss on the intent to ship for this feature under IWAs.
LGTM2
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/677e8001-ce0a-4c23-91e7-364611b3bd72n%40chromium.org.