Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Sebastian Zartner
On 17 August 2015 at 07:34, Nicholas Nethercote wrote: > On Mon, Aug 17, 2015 at 5:15 AM, Richard Barnes wrote: >> >> But a 2-3 second box for each >> fullscreen transition seems like a small price. > > The box is very prominent and often blocks part of the video, which I > personally find quite

Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Nicholas Nethercote
On Mon, Aug 17, 2015 at 5:15 AM, Richard Barnes wrote: > > But a 2-3 second box for each > fullscreen transition seems like a small price. The box is very prominent and often blocks part of the video, which I personally find quite annoying. If the notification were less prominent -- e.g. a strip

Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Eric Rescorla
On Sun, Aug 16, 2015 at 8:07 PM, Eric Shepherd wrote: > I have to agree with Gavin here: the risk of this sort of attack occurring > is very low, > Do you have some evidence for this? -Ekr > but the potential for annoying or confusing users with this presentation > is, if not high, at least h

Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Eric Shepherd
I have to agree with Gavin here: the risk of this sort of attack occurring is very low, but the potential for annoying or confusing users with this presentation is, if not high, at least high enough to make it overkill. At least having a way (even if it's an about:config only thing) to drop this

Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Chris Hofmann
On Sun, Aug 16, 2015 at 5:52 PM, Eric Rescorla wrote: > > > On Sun, Aug 16, 2015 at 5:49 PM, Gavin Sharp wrote: > >> > But a 2-3 second box for each fullscreen transition seems like a >> > small price. >> >> Seems like a pretty large price to me, given a combination of factors: >> - significant

Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Eric Rescorla
On Sun, Aug 16, 2015 at 5:49 PM, Gavin Sharp wrote: > > But a 2-3 second box for each fullscreen transition seems like a > > small price. > > Seems like a pretty large price to me, given a combination of factors: > - significant added friction to a common user action ("start watching > this video

Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Gavin Sharp
> But a 2-3 second box for each fullscreen transition seems like a > small price. Seems like a pretty large price to me, given a combination of factors: - significant added friction to a common user action ("start watching this video in fullscreen") - low likelihood that the type of attack this mi

Re: Forever reminded to hit ESC to exit fullscreen

2015-08-16 Thread Richard Barnes
This prompt is an important part of the security story for fullscreen. Since a fullscreen web app can hijack your entire browsing session, it's important that the user know that he's entering fullscreen and not looking at an actual browser window -- and to know that every time something goes fullsc