Proposal: Add "No Screen Sharing" Flag for Secure Messaging Apps

2 pointsJoelJacobson1y ago5 comments

End-to-end encryption is pointless if you can be tricked into screen sharing. I’d like to see OS-level APIs let app developers set a "no screen sharing" flag that automatically blanks/obscures the app's contents during screen capture or remote control. This would be per-app and cannot be disabled by users—so secure messaging apps (e.g., Signal) could opt in, preventing accidental leaks via screen sharing.

Questions for HN:

    - What problems do you see with the approach?
    - Any better approaches?

5 comments

elmerfud1y ago

I strongly object to this idea that this is not under user control. Far too many companies and governments seek to control what their users do with data and information and devices that are supposed to be in the control of the user. If you don't trust someone to handle secure information securely perhaps you shouldn't be sending them secure information.

If you're saying you want this to be an optional thing, perhaps even defaulted to enabled to protect grandma from doing something, then I would support that. But it needs to be optional. This mindset of a company can dictate every potential use case to end users is foolishness and doesn't slow down hackers but just irritates normal users who need those features. Just like right now apps can flag whether you can do screenshots or not. In normal situations banking apps other secure messaging apps one time view of photo apps this is all quite useful but it shouldn't be an enforced requirement that you have to then hack your phone to override it. It should be a default that's enabled that you can then disable. Now if you want the sending party to know if you've disabled that feature that's fine as well it's simply more information. Then the sender can decide what they want to do. The idea of completely removing control as if you know better needs to stop.

Things will not get better with technology or literally anything if we cannot require people to be responsible for their actions. Sensible defaults are great a sensible default to have this on is fine a system that notifies other parties during a communication if it's on or off is fine. Removal of control from the user is wrong.

JoelJacobsonOP1y ago

I agree that having options is crucial, but we also need to consider how these options fit together to ensure system-wide safety by design. To actually mitigate screen-sharing risks, you need a combined hardware/OS and secure communication app where the “No Screen Sharing” feature can’t be turned off—and that setup has to be widely used for it to matter at scale.

Hardware/OS choice is the first step. Some platforms, like iOS, are already more sandboxed than, say, Android. I personally use iOS and feel comfortable trusting Apple’s approach, even though zero-day exploits remain a possibility. For my server needs, I use Linux and appreciate full control and root access—but that’s a separate use case.

App choice is the second step. Secure messengers like Signal prioritize privacy as a core feature, while many other messaging apps don’t. If a few high-profile apps enforced “No Screen Sharing,” the people who genuinely need or want to share their screen could always switch to a different app. So in practice, this feature wouldn’t prevent screen sharing entirely; it would just block it in contexts where security is paramount.

All of which is to say: optionality still exists—you can choose a less-restrictive OS or a different communication app. But for those who opt into a more locked-down environment, having a secure messenger that outright prevents screen sharing can make all the difference in avoiding accidental leaks or social engineering attacks.

elmerfud1y ago

This seems like a very close-minded response from someone who has hubris that doesn't really understand leaks and attacks. None of this prevents accidental leaks or social engineering attacks All it does is interfere with people who want to have more choice in what they do because it is impossible for you to know everyone's situation or use case. You are only preventing screen sharing That's it nothing else and you cannot make a claim that it's doing anything beyond that. So like every copy protection scheme and DRM scheme that has ever been devised it only inconveniences legitimate users doing legitimate things and doesn't slow down or prevent any bad actor from doing bad things.

When you begin to view your users as the enemy by instituting manipulation and control over their use you set yourself up for a hostile relationship with your user base. When your company is big enough and you've locked in your market that does work for a while.

1 more reply

aboardRat41y ago

I don't think it is appropriate (and feasible) to let app an developer decide how exactly and when _I_ share _MY_ screen on _MY_ phone.

j / k navigate · click thread line to collapse

5 comments

elmerfud1y ago

JoelJacobsonOP1y ago

elmerfud1y ago

1 more reply

aboardRat41y ago

I don't think it is appropriate (and feasible) to let app an developer decide how exactly and when _I_ share _MY_ screen on _MY_ phone.

j / k navigate · click thread line to collapse