Authorized clients

Bill Spitzak spitzak at gmail.com
Thu Jan 9 11:25:10 PST 2014


Martin Peres wrote:

> We don't need to trust the client much if we limit the number of 
> screenshots to 1. This way, the worst thing that could happen for your 
> privacy would be if your cat sits on the keyboard and presses "print 
> screen" all the time while you key in sensitive information (unlikely, 
> right?), even if the app just
>
> This is not true. The server can refuse to feed the application with 
> more than one screenshot. This severely restricts the possibilities of 
> using this feature to spy on what a user is doing.

I just don't believe this is going to work.

Screenshot applications I have seen are triggered by a key, yes, but all 
of them then show the initial screenshot to the user and then allow the 
user to change parameters and make a second screenshot. I suppose 
restricting the UI so that the user must hit the same key to trigger a 
second screenshot may work, but I am very worried about any scheme that 
forces UI decisions on clients.

Another concern is that a malware screenshooter could just fake it (maybe 
copying an old screenshot) and then delay until the critical time to 
take the screenshot. A timeout or cancel after too many other surfaces 
are created/destroyed may work but this is sounding like complexity to 
solve a pretty non-existent problem.

> The video capture API concerns me more.

But on Windows most fancy screenshooter applications do both. And users 
do not think of these as being different.

I think you just have to assume that the bound application is "good" and 
is doing what the user wants, even if it can take numerous screenshots 
or opens the video API.

