Ready for Trial: Multi-surface capture with auto-accept (for managed sessions only)
Simon Hangl
Contact emails
Explainer
https://github.com/screen-share/capture-all-screens/blob/main/explainer.md
Specification
https://screen-share.github.io/capture-all-screens/
Design docs
https://screen-share.github.io/capture-all-screens
https://github.com/screen-share/capture-all-screens/blob/main/explainer.md
Summary
Web apps will be able to capture multiple surfaces at once.
This feature introduces a new API "getAllScreensMedia()" that allows developers to request several surfaces at once (instead of only one with "getDisplayMedia()"). This API will auto-accept capture requests (for managed sessions only), guarded by policies that have to be explicitly set by the device owners and with clear usage indicators so that users are aware of capturing at all times.
Blink component
TAG review
None
TAG review status
Pending
Risks
Interoperability and Compatibility
This API rejects requests from pages that are not allow-listed through an administrator. The likelihood of this API being adopted by a browser that does not provide administrators mechanisms to manage clients is low.
Gecko: N/A - given that the API is limited to managed configurations, it's not clear that requesting a position is needed
WebKit: N/A - given that the API is limited to managed configurations, it's not clear that requesting a position is needed
Web developers: Positive (https://github.com/screen-share/capture-all-screens/issues/9)
Other signals:
Ergonomics
No
Security
Malicious sites exploiting the API and stealing sensitive information shown on the users device: Prevented by enabling the API only for pages allowlisted by the device’s admin.
Users exposing private information on managed devices: Prevented by notifying the user that 1) capture *may* happen in the session, 2) showing a notification when capturing *is* happening and 3) showing a system tray icon when capturing *is* happening (c.f. Privacy comments and approval on https://bugs.chromium.org/p/chromium/issues/detail?id=1300881).
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Goals for experimentation
Learn about the experience of web developers and how this API fulfills their needs.
Ongoing technical constraints
None
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
No
Right now this API is only supported on ChromeOS. The privacy measures (e.g. the right way to notify users on login / API users) will have to be developed for other platforms first. Data from the ChromeOS platform will help to design this on other platforms.
Is this feature fully tested by web-platform-tests?
No, as WPTs don’t support setting of managed policies. The API is tested by a number of unit- and browser- tests (Test files).
DevTrial instructions
https://github.com/screen-share/capture-all-screens/blob/main/HOWTO.md
Flag name
enable-get-all-screens-media
Requires code in //chrome?
True. To support this API, embedders need to implement the ContentBrowserClient::ContentCreateScreenEnumerator interface.
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1300883
Launch bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1300881
Estimated milestones
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/6284029979525120
Links to previous Intent discussions
Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEdDZo9N354i6eST0x19TXwpeBtgs5_gJUYVF%2BTKLpiJySDADg%40mail.gmail.com
Jeffrey Yasskin
Contact emails
Explainer
https://github.com/screen-share/capture-all-screens/blob/main/explainer.md
Specification
https://screen-share.github.io/capture-all-screens/
Design docs
https://screen-share.github.io/capture-all-screens
https://github.com/screen-share/capture-all-screens/blob/main/explainer.md
Summary
Web apps will be able to capture multiple surfaces at once.
This feature introduces a new API "getAllScreensMedia()" that allows developers to request several surfaces at once (instead of only one with "getDisplayMedia()"). This API will auto-accept capture requests (for managed sessions only), guarded by policies that have to be explicitly set by the device owners and with clear usage indicators so that users are aware of capturing at all times.
Blink component
TAG review
None
TAG review status
Pending
Risks
Interoperability and Compatibility
This API rejects requests from pages that are not allow-listed through an administrator. The likelihood of this API being adopted by a browser that does not provide administrators mechanisms to manage clients is low.
Gecko: N/A - given that the API is limited to managed configurations, it's not clear that requesting a position is needed
WebKit: N/A - given that the API is limited to managed configurations, it's not clear that requesting a position is needed
Web developers: Positive (https://github.com/screen-share/capture-all-screens/issues/9)
Other signals:
Ergonomics
No
Security
Malicious sites exploiting the API and stealing sensitive information shown on the users device: Prevented by enabling the API only for pages allowlisted by the device’s admin.
Users exposing private information on managed devices: Prevented by notifying the user that 1) capture *may* happen in the session, 2) showing a notification when capturing *is* happening and 3) showing a system tray icon when capturing *is* happening (c.f. Privacy comments and approval on https://bugs.chromium.org/p/chromium/issues/detail?id=1300881).
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEdDZo91PLDMpuKuUBbqTtWvA9KRBAAJW6MxozCKcaipaGOTbQ%40mail.gmail.com.
Elad Alon
Do you want to work with your screen always being recorded?
Would I have preferred a world where no employer ever recorded their employees? Probably. But I don't think we can build this world. So I prefer this lesser evil.
Simon Hangl
Do you have an Alternatives Considered section somewhere that explains why the bikeshed is painted this color? e.g. this could be `getMultipleDisplayMedia()` and be identical to `getDisplayMedia()` except that it returns a sequence<> and lets the user pick more than one screen to present. The UI could have a checkbox for "all screens" if that's a common option. There could be an enterprise policy to auto-accept requests from a particular origin, but such an API could also be useful on the open web, as Elad argued in https://github.com/w3c/mediacapture-screen-share/issues/204.
I added a paragraph with the considered alternative in the explainer here.
Simon Hangl
Software Engineer
Google Germany GmbH
Erika-Mann-Straße 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Diese E-Mail ist vertraulich. Falls Sie diese fälschlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich bitte wissen, dass die E-Mail an die falsche Person gesendet wurde.
This e-mail is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person.