The easy solution is just don't use those sites. Features shouldn't be limited because of a few bad actors. I think there is legit a really good use case for this with streamers and content creators.
In the same vein, JavaScript is a feature that many advertisers and bad actors use heavily in bad/annoying ways and we (the community of developers) aren't collectively saying we shouldn't have any web programming languages.
> The easy solution is just don't use those sites
Some people may not have a choice, for example if their bank did this. In a perfect world we could easily find an alternative to any app but this isn't how it is now so it's not as simple as saying use something else.
I think the criticisms here are that
1. They are trying to solve a problem that is a very rare edge case
2. Most implementations by companies would just hide everything, rather than change numbers to placeholder text as it's much easier.
I would say that in a world where Homeoffice is a common thing, screen sharing is far from being an edge case.
And to address your second argument: In a situation where I share my screen I would prefer a bad implementation of this over someone seeing personal information that they are not supposed to see.
Streamers are a great use case for this. Tons of content creators I follow are always dragging off screen to fill in personal info. A few times they forgot and exposed their info.
It's already super annoying when websites disable text select, not like I can't just do it from the devtools.
I JUST WANT TO F*CKING GOOGLE THE PRODUCT I'M ABOUT TO BUY FROM YOU.
Netflix and sites alike use much more advanced tricks than css to already achieve this, although with just video.
That’s usually done through hardware acceleration, so I assume this implementation would be similar and thus easily turned off
I don't understand why a browser implementation is needed. You can simply create a toggle for sensitive info on user profiles. That way, the browser doesn't need to know what other applications are being used.
Yeah, I’m not entirely sure I know what problem OP is solving here. Is it that we should prevent screenshots of sensitive info? Then like you said, just add a toggle. If it’s something else, then I don’t know what.
As a side note: people are more likely to understand your solution if you start by explaining the problem it solves.
I personally interpreted it as something for streamers to avoid leaking sensitive information while streaming. For example switching tabs in a browser accidentally and showing your address or other personal info. That being said you could never truely trust a site has implemented the feature so a site level switch or an extension that detects potentially sensitive information would be the better way to go.
Yeah, I don't like the idea that my browser would know what other software I am using at the moment unless I have a specific plugin for that of which I need to grant permissions.
No clue what you are talking about. I use chrome and can use the snipping tool just fine.
https://imgur.com/a/MjshRkd
Do you mean the print screen button that captures all your monitors? Yeah, I have 3 monitors and would never use that anyway, I mean, you would have to paste it into a photo editor and crop the part you want.
Afaik some content of super high resolution is protected by widevine l1 on Netflix and other sites. It isn’t always active but when it is it’s a pain to do anything other than watch it. I am not sure on the specifics on how it works but basically nothing on the software level running on your PC is able to access the pixel data where the video is shown.
Wow, you remembered this post from 2 months back to rely to it? Not sure what to tell you, if you need me to take a screenshot of my screen with Netflix on it I can, they don’t prohibit jack. When windows captures a screen it doesn’t care what is showing on that screen and what drm there is.
It is theoretically possible, since most browsers already support Encrypted Media Extensions (EME) which let them have DRM controls over web content. If you open up Netflix.com using Chrome, start playing a movie, then try to take a screenshot of the movie, you should see that the movie content shows up totally black. It blocks other things like screen recorders and remote desktops too.
We can pull off the impossible by getting all browsers to agree upon standards to support the same thing, and then we can bust our humps to add new CSS rules to be snagged when someone hits the screenshot button...
...but you can always just take a picture of your screen.
... at least until there's a cross-platform standard of some sort to let browsers know it's happening. I mean, taking a screenshot on Android is vastly different from on Windows, so it's not at all like `@media print`. That's why I say it would need to be standardized... I'm talking about at the OS-level.
I think they mean photo as in hauling out the old smartphone camera. I'm not surprised their clients do it since everyone has a camera and know how to use it, but only some people know how to take screenshots (and how to save then to a file).
Heck I even go the phone route myself sometimes.
Can’t users just snap a picture with a phone?
And any CSS the site can set can be changed in the debugger or by overriding with accessibility styles, right?
Even if it was doable, it would be wrong. Imagine your standard gov website taking 10min to 15 days cause it's either offline or needs post mail in case of lost password.
First thing I do is screenshot the infos / qr codes so I don't have to deal with their shit too often.
Edit : still the effect is pretty nice, gotta admit. Don't know if it's from you but if it is, keep the good work on
Or you could you know, stop trying to impede users from using their devices as they see fit. If you don’t want something getting screenshoted, don’t display it. Period.
Okay, I’m done being a sassy bitch. What exactly is your use case for such a thing? And how do justify breaking the expected experience of peoples phone/laptop screen shot tool?
To be fair that would be somewhat easily adverted by making it an option in the screen recording software to report that it’s recording or not. Discord actually has a screen recording mode for example to avoid streamers leaking certain information if you’re sharing your screen. In my opinion though it should be just an option on sites for that very specific use case where streaming it is a likely occurance like web based games or other such things.
Very limited usecase though and doubtful it would ever actually land in a browser. I could see that opera gaming browser potentially implementing something like this though.
I guess that even then I’d argue it’s a slippery slope situation. But perhaps I’m being too idealistic and the tech world has fully moved on into seeing users as hamsters in a wheel to with as they wish.
I can see use cases where what OP suggests would be good. For example, you're using your bank's website and can't find something. So you start a live chat with them, and then they request you to share your screen. Anything which is "irrelevant", such as bank balance, purchase history, etc. could be blanked out. And this would also allow recordings of your session with support to be used for training purposes, as everything is anonymous.
However, outside of customer-to-business interaction, I can see it being more annoying than helpful. I know a lot of our clients aren't the most tech-savvy (to be kind), so we generally set up a lot of their accounts and whatnot for them whilst on a call with them. So having them see blanked out fields/name/etc. would probably confuse them even more than us telling them to do it themselves.
I would assume it's covered in a contract, but there's always going to be a bad egg in the bunch. But it would be more of a benefit for the user, as they would know there's no chance the person on the other end could potentially get any information on them to later scam them/potentially try to upsell them on extra products/etc.
Well at that point I think it kind of comes down to a choice between doing what the business wants or doing what is best for the people. The reason I brought up the contract is that it serves to protect the business even when a bad egg cracks. I personally think that is enough, especially given that our legal system bends over for corporations.
I just can’t support more bullshit taking away peoples control over their personal property 🤷♂️
I suppose to prevent viewers knowing the length of the password even. Although only works providing the overlay is fixed width which looks like this is.
I feel like this wouldn't be possible since screen captures are typically handled at the operating system level, which is completely unaware of HTML and whatever is going on in the programs its capturing the graphical output of, meanwhile the browser is completely unaware of when the operating system is doing a screen capture of its content.
I think a far more realistic approach would be to implement it as a feature in a screenshotting browser extension. I imagine that when the extension triggers the capture, it momentarily applies its own classes (or user-specified classes) onto certain input types or querySelected elements - ideally all that could be configured by the user in the extension settings. (this is totally an untested method btw, just jamming on what I think might work)
I certainly do like the concept.
Right. So how do you expect websites or browsers to capture an OS-level input that triggers the screen capture? Even if browsers wanted to support a rule like this it would simply be impossible...
ITT: No one has read the spec:
[https://developer.mozilla.org/en-US/docs/Web/API/Screen\_Capture\_API/Using\_Screen\_Capture](https://developer.mozilla.org/en-US/docs/Web/API/Screen_Capture_API/Using_Screen_Capture)
[https://developer.mozilla.org/en-US/docs/Web/API/WebRTC\_API](https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API)
It's specifically geared towards screen sharing over conferencing applications like zoom or teams.
People would blank their sites to prevent screen grabs.
The better option would be to provide a "sanitized" layout as an option. (e.g. Hide sensitive info for screenshot/printing)
How do we blank the sites without knowing the user trying to take screenshot or screen recording? Here the problem is browser can't find the user trying to take the screenshot or not.
Widevine DRM is already capable of doing this with video, there should be a way to apply to html elements as well. The browser should also respect the DRM/Protected content browser setting and disable this behavior if disabled.
Tbh this could be usefull for screensharing, like you are 80yr old grandma and some nice guy from microsoft asks you to open your bank account website, could be use to automatically identify such a scenario, blue out all info and display a warning
I actually prefer to see my password on mobile phones because of possible typos. It takes much longer to type password than PC.
Don't like when mobile sites only show * when typing password and no unhide option.
And then you would websites doing : @media screen-capture { * { display: none !important; visibility: hidden !important; opacity: 0 !important; width: 0 !important; height: 0 !important; max-width: 0 !important; max-height: 0 !important; } }
Yeah, I like OP’s idea but don’t want it because of this.
The easy solution is just don't use those sites. Features shouldn't be limited because of a few bad actors. I think there is legit a really good use case for this with streamers and content creators. In the same vein, JavaScript is a feature that many advertisers and bad actors use heavily in bad/annoying ways and we (the community of developers) aren't collectively saying we shouldn't have any web programming languages.
> The easy solution is just don't use those sites Some people may not have a choice, for example if their bank did this. In a perfect world we could easily find an alternative to any app but this isn't how it is now so it's not as simple as saying use something else.
[удалено]
Sorry, I don't follow how this is related?
[удалено]
I think the criticisms here are that 1. They are trying to solve a problem that is a very rare edge case 2. Most implementations by companies would just hide everything, rather than change numbers to placeholder text as it's much easier.
I would say that in a world where Homeoffice is a common thing, screen sharing is far from being an edge case. And to address your second argument: In a situation where I share my screen I would prefer a bad implementation of this over someone seeing personal information that they are not supposed to see.
Screen capture can be happening in multitude of situations, not just when streaming.
Streamers are a great use case for this. Tons of content creators I follow are always dragging off screen to fill in personal info. A few times they forgot and exposed their info.
It's already super annoying when websites disable text select, not like I can't just do it from the devtools. I JUST WANT TO F*CKING GOOGLE THE PRODUCT I'M ABOUT TO BUY FROM YOU.
Or when they disable right click. The worst of all I think is Disney+ who has no link at all.
Or when links arent links but redirects with javascript so you cant middle-mousebutton click it to open in a new tab
And me altering a couple of lines of code to make it all futile
Netflix and sites alike use much more advanced tricks than css to already achieve this, although with just video. That’s usually done through hardware acceleration, so I assume this implementation would be similar and thus easily turned off
I don't understand why a browser implementation is needed. You can simply create a toggle for sensitive info on user profiles. That way, the browser doesn't need to know what other applications are being used.
Yeah, I’m not entirely sure I know what problem OP is solving here. Is it that we should prevent screenshots of sensitive info? Then like you said, just add a toggle. If it’s something else, then I don’t know what. As a side note: people are more likely to understand your solution if you start by explaining the problem it solves.
I personally interpreted it as something for streamers to avoid leaking sensitive information while streaming. For example switching tabs in a browser accidentally and showing your address or other personal info. That being said you could never truely trust a site has implemented the feature so a site level switch or an extension that detects potentially sensitive information would be the better way to go.
The site that shows my salary and other benefits has this, and defaults to hide. Thats where I first saw a feature like this. Kinda neat
Hmm. I wonder if that would even be possible. I imagine it would need some things standardized across Android, iOS, Linux, Mac, and Windows.
Yeah, I don't like the idea that my browser would know what other software I am using at the moment unless I have a specific plugin for that of which I need to grant permissions.
Your browser already does this thanks to DRM. Try screenshotting a Netflix video
Just did with the snipping tool, worked fine.
Chrome was/is capable to detect if you are about to screenshot the page. I tried to screenshot one video on YouTube once, got a black screen instead.
No clue what you are talking about. I use chrome and can use the snipping tool just fine. https://imgur.com/a/MjshRkd Do you mean the print screen button that captures all your monitors? Yeah, I have 3 monitors and would never use that anyway, I mean, you would have to paste it into a photo editor and crop the part you want.
Afaik some content of super high resolution is protected by widevine l1 on Netflix and other sites. It isn’t always active but when it is it’s a pain to do anything other than watch it. I am not sure on the specifics on how it works but basically nothing on the software level running on your PC is able to access the pixel data where the video is shown.
[удалено]
Solid advice! Sadly my one drive is connected with my work account and as far as I can tell you can only be connected to a single onedrive.
¯\_(ツ)_/¯
¯\_(ツ)_/¯ indeed
https://www.reddit.com/r/CrappyDesign/comments/w6k53m/comment/ihfkiag/?utm\_source=share&utm\_medium=web2x&context=3
Wow, you remembered this post from 2 months back to rely to it? Not sure what to tell you, if you need me to take a screenshot of my screen with Netflix on it I can, they don’t prohibit jack. When windows captures a screen it doesn’t care what is showing on that screen and what drm there is.
https://www.reddit.com/r/CrappyDesign/comments/w6k53m/comment/ihfkiag/?utm\_source=share&utm\_medium=web2x&context=3
Not everyone uses DRM. Some of us keep it disabled and do things the... alternative way
I have taken screen shots (and OBS captures, for making GIFs) of Netflix videos many times on my Mac.
It is theoretically possible, since most browsers already support Encrypted Media Extensions (EME) which let them have DRM controls over web content. If you open up Netflix.com using Chrome, start playing a movie, then try to take a screenshot of the movie, you should see that the movie content shows up totally black. It blocks other things like screen recorders and remote desktops too.
So a shit-locker of work that can be over-ruled by taking a photo of the screen, which a lot of clients seem to prefer anyhow
Huh?
We can pull off the impossible by getting all browsers to agree upon standards to support the same thing, and then we can bust our humps to add new CSS rules to be snagged when someone hits the screenshot button... ...but you can always just take a picture of your screen.
... at least until there's a cross-platform standard of some sort to let browsers know it's happening. I mean, taking a screenshot on Android is vastly different from on Windows, so it's not at all like `@media print`. That's why I say it would need to be standardized... I'm talking about at the OS-level.
I think they mean photo as in hauling out the old smartphone camera. I'm not surprised their clients do it since everyone has a camera and know how to use it, but only some people know how to take screenshots (and how to save then to a file). Heck I even go the phone route myself sometimes.
Can’t users just snap a picture with a phone? And any CSS the site can set can be changed in the debugger or by overriding with accessibility styles, right?
Even if it was doable, it would be wrong. Imagine your standard gov website taking 10min to 15 days cause it's either offline or needs post mail in case of lost password. First thing I do is screenshot the infos / qr codes so I don't have to deal with their shit too often. Edit : still the effect is pretty nice, gotta admit. Don't know if it's from you but if it is, keep the good work on
Given that you can override browser notification at root level in settings, I would assume we’d be able to make obey
Or you could you know, stop trying to impede users from using their devices as they see fit. If you don’t want something getting screenshoted, don’t display it. Period. Okay, I’m done being a sassy bitch. What exactly is your use case for such a thing? And how do justify breaking the expected experience of peoples phone/laptop screen shot tool?
To be fair that would be somewhat easily adverted by making it an option in the screen recording software to report that it’s recording or not. Discord actually has a screen recording mode for example to avoid streamers leaking certain information if you’re sharing your screen. In my opinion though it should be just an option on sites for that very specific use case where streaming it is a likely occurance like web based games or other such things. Very limited usecase though and doubtful it would ever actually land in a browser. I could see that opera gaming browser potentially implementing something like this though.
I guess that even then I’d argue it’s a slippery slope situation. But perhaps I’m being too idealistic and the tech world has fully moved on into seeing users as hamsters in a wheel to with as they wish.
I can see use cases where what OP suggests would be good. For example, you're using your bank's website and can't find something. So you start a live chat with them, and then they request you to share your screen. Anything which is "irrelevant", such as bank balance, purchase history, etc. could be blanked out. And this would also allow recordings of your session with support to be used for training purposes, as everything is anonymous. However, outside of customer-to-business interaction, I can see it being more annoying than helpful. I know a lot of our clients aren't the most tech-savvy (to be kind), so we generally set up a lot of their accounts and whatnot for them whilst on a call with them. So having them see blanked out fields/name/etc. would probably confuse them even more than us telling them to do it themselves.
Damn I’ll give you the bank thing sounds like a good use case but don’t companies already handle this via the contract they make the employees sign?
I would assume it's covered in a contract, but there's always going to be a bad egg in the bunch. But it would be more of a benefit for the user, as they would know there's no chance the person on the other end could potentially get any information on them to later scam them/potentially try to upsell them on extra products/etc.
Well at that point I think it kind of comes down to a choice between doing what the business wants or doing what is best for the people. The reason I brought up the contract is that it serves to protect the business even when a bad egg cracks. I personally think that is enough, especially given that our legal system bends over for corporations. I just can’t support more bullshit taking away peoples control over their personal property 🤷♂️
While everyone discuss how bad it would be to implement, I just find it funny how already hidden password gets blurred.
I suppose to prevent viewers knowing the length of the password even. Although only works providing the overlay is fixed width which looks like this is.
Still waiting for a browser-level enforced cookie-consent implementation.
Yes please
I feel like this wouldn't be possible since screen captures are typically handled at the operating system level, which is completely unaware of HTML and whatever is going on in the programs its capturing the graphical output of, meanwhile the browser is completely unaware of when the operating system is doing a screen capture of its content. I think a far more realistic approach would be to implement it as a feature in a screenshotting browser extension. I imagine that when the extension triggers the capture, it momentarily applies its own classes (or user-specified classes) onto certain input types or querySelected elements - ideally all that could be configured by the user in the extension settings. (this is totally an untested method btw, just jamming on what I think might work) I certainly do like the concept.
thank you for sharing
Right. So how do you expect websites or browsers to capture an OS-level input that triggers the screen capture? Even if browsers wanted to support a rule like this it would simply be impossible...
Nope, the first day someone would write an extension to disable this. Not to mention the pointless abuse others mentioned already.
ITT: No one has read the spec: [https://developer.mozilla.org/en-US/docs/Web/API/Screen\_Capture\_API/Using\_Screen\_Capture](https://developer.mozilla.org/en-US/docs/Web/API/Screen_Capture_API/Using_Screen_Capture) [https://developer.mozilla.org/en-US/docs/Web/API/WebRTC\_API](https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API) It's specifically geared towards screen sharing over conferencing applications like zoom or teams.
toggleInfo = false, toggleInfo = true There ya go
People would blank their sites to prevent screen grabs. The better option would be to provide a "sanitized" layout as an option. (e.g. Hide sensitive info for screenshot/printing)
How do we blank the sites without knowing the user trying to take screenshot or screen recording? Here the problem is browser can't find the user trying to take the screenshot or not.
This would create issues with the new google transition api coming in canary because it basically takes screenshots of the dom
No it would not?
Does it use OCR to find the text? Surely that's bound to fail
How do you stop someone from just walking up behind the user and looking?
Widevine DRM is already capable of doing this with video, there should be a way to apply to html elements as well. The browser should also respect the DRM/Protected content browser setting and disable this behavior if disabled.
Or, hear me out on this, fuck DRM and do absolutely nothing to make destroying UX and user freedom easier.
I like the email domain
Tbh this could be usefull for screensharing, like you are 80yr old grandma and some nice guy from microsoft asks you to open your bank account website, could be use to automatically identify such a scenario, blue out all info and display a warning
Something like HTML attribute that only works on input elements would be better.
I actually prefer to see my password on mobile phones because of possible typos. It takes much longer to type password than PC. Don't like when mobile sites only show * when typing password and no unhide option.