惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Last Watchdog
The Last Watchdog
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LINUX DO - 热门话题
G
GRAHAM CLULEY
S
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
Recorded Future
Recorded Future
I
Intezer
云风的 BLOG
云风的 BLOG
博客园 - Franky
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
T
Tenable Blog
The Hacker News
The Hacker News
T
The Blog of Author Tim Ferriss
Attack and Defense Labs
Attack and Defense Labs
D
DataBreaches.Net
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
News and Events Feed by Topic
有赞技术团队
有赞技术团队
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
N
News and Events Feed by Topic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Secure Thoughts
The Register - Security
The Register - Security
B
Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
The Cloudflare Blog
Webroot Blog
Webroot Blog
W
WeLiveSecurity
H
Heimdal Security Blog
博客园 - 三生石上(FineUI控件)
V
Vulnerabilities – Threatpost
G
Google Developers Blog
O
OpenAI News
V
V2EX
罗磊的独立博客
博客园_首页
N
News | PayPal Newsroom
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
TaoSecurity Blog
TaoSecurity Blog
Cloudbric
Cloudbric
H
Hacker News: Front Page
博客园 - 叶小钗
T
Tor Project blog
AI
AI

Comments for Lauren Weinstein's Blog

Chrome Remote Desktop – Lauren Weinstein's Blog How Some Software Designers Don’t Seem to Care About the Elderly – Lauren Weinstein's Blog Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme – Lauren Weinstein's Blog Social Security Administration Cutting Off Users Who Can’t Receive Text Messages – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog Don’t Blame YouTube and Facebook for Hate Speech Horrors – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Another Massive Google User Trust Failure, As They Kill Louisville Fiber on Short Notice – Lauren Weinstein's Blog Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening – Lauren Weinstein's Blog The Tool That Could Save Google+ Relationships – Lauren Weinstein's Blog Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell – Lauren Weinstein's Blog Paid “Ad-Free” YouTube Premium Is Now Showing Ads – Lauren Weinstein's Blog The New “Google Contacts” – Lauren Weinstein's Blog A New Invite-Only Forum for Victims of Google’s Google+ Purge – Lauren Weinstein's Blog How to Disable Gmail’s Annoying New “Smart Compose” Predictive Typing Feature – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Fixing Google’s Gmail Spam Problems – Lauren Weinstein's Blog Explaining YouTube’s VERY Cool New Aspect Ratio Changes – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog When Google Gets Your Location Wrong! – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Emergency Transition to IPv7 Is Necessary! – Lauren Weinstein's Blog
Google Asked Me How I’d Fix Chrome Remote Desktop — Here’s How! – Lauren Weinstein's Blog
Lauren · 2017-07-25 · via Comments for Lauren Weinstein's Blog

Since my posting a few days ago of “Another Google Accessibility Failure: Chrome Remote Desktop” — https://lauren.vortex.com/2017/07/21/google-accessibility-failure-crd — I’ve been contacted by a number of Googlers whom I know, asking me specifically how I’d address the accessibility problems that I noted therein. These queries were all friendly of course — not of the “put up or shut up” variety!

OK, I’ll bite. And Google can have this one for free — but like I’ve said before, this isn’t really rocket science.

Before I begin, I’ll answer another question that a number of readers have posed to me in response to that same post.

Why do I think that Google has so long ignored these sorts of problems with Chrome Remote Desktop (and various other of their products, for that matter)?

Without addressing Chrome Remote Desktop (CRD) or Google products specifically in this context, I’ll offer one possible explanation.

Around the information tech industry, it just isn’t usually considered to be career enhancing to be working on older software fixes and/or improvements, even when that application is fairly important and widely used.

By and large, most software engineers feel that rising on the career ladder is facilitated by working on new and “sexy” projects, not by being assigned to the “maintenance detail” — so to speak.

That’s a difficult corporate cultural problem, but a very important one to solve.

All right, let’s get back to Chrome Remote Desktop.

Here’s how I would fix the most glaring accessibility problem that I’ve noted regarding CRD operations — the damned “share mode ten minute timeout” (which, as I’ve noted in the referenced post above, actually can push users into terrible security practices when they attempt to work around the sorts of problems that the timeout causes — please see that previous post for details about this).

There are various somewhat complex ways to approach this issue — such as permitting the local user (the user who is sharing their screen with a remote user) to specify a desired timeout interval.

But the most straightforward and likely most useful approach for now in most cases would be to permit the local user to simply disable that timeout at the start of individual sessions, for the duration of those sessions.

Currently, when a local user provides a one-time CRD access code to a remote user, and the remote user attempts to connect using that code, the local user is presented with a dialogue box (which varies a bit across operating system platforms) that typically looks like this:

Obviously, only the local user can interact with this dialogue. They click “Share” if they wish to accept the connection.

And this is the obvious location to place a “session timeout disable” flag, as emphasized in my quickie demo mock-up here:

It’s that simple — and that logical. This checkbox (which defaults to timeouts enabled) only applies to the current session. The usual ten minute timeout is automatically restored for the next session.

– – –

Addendum: As suggested in the first comment on this post today, it would be reasonable to also provide this same timeout disable option in the actual ten minute timeout popup dialogue boxes themselves, so that even if the local user did not disable timeouts at the start of a session, they’d be able to later disable them for the remainder of the session if they so chose.

– – –

We probably should remind the local user that they’ve disabled timeouts for a session. There are logical places to do this, too.

CRD already provides a warning to local users that they’ve shared their desktop. For example, in Chrome OS (e.g. Chromebooks), a dialogue box like this is used:

An information notification is also popped up for the user with the same information in the Chrome OS notification area.

The CRD implementations for other OSes behave similarly. Windows systems provide a “currently sharing” dialogue box similar to the above, and also display a “floating” notification:

For all of these info notifications when timeouts have been disabled, it would be straightforward to add within them a text “warning” such as:

Timeouts have been disabled for this session.

If we’re feeling particularly paranoid about this — even given all of the other security elements that have already been satisfied to get the sharing connection open in the first place — we might want to add some sort of new warning box that can’t be covered, minimized, or moved by remote users, providing the same reminder that timeouts have been disabled.

That’s pretty much the whole enchilada. This paradigm should not be difficult to implement, and from security, usability, and accessibility standpoints overall it’s definitely a big plus for Chrome Remote Desktop users.

OK, Google — the ball’s back in your court!

–Lauren–