<table><tr><td style="">ngraham added subscribers: davidre, ngraham.<br />ngraham requested changes to this revision.<br />ngraham added reviewers: Spectacle, davidre.<br />ngraham added a comment.<br />This revision now requires changes to proceed.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D22209">View Revision</a></tr></table><br /><div><div><p>I understand the security implications here, and I don't approve of the change.</p>
<p>In general, security that burdens and annoys the user is at best useless and at worst harmful, because the user will eventually be annoyed into finding a way to bypass it, or stop using the software. The whole "click to acknowledge that you want to take a screenshot" UX on Wayland is a major gripe of mine, and it makes Spectacle less useful and elegant than it is on X11. There are even use cases where it would actively destroy the user experience, such as taking a full-screen screenshot to a file while playing a first-person shooter game. In this case, when you hit the screenshot key, you could get killed while the screen is showing the screenshot, and you could fire your gun by accident when you click to acknowledge it, potentially killing a teammate or giving away your position.</p>
<p>I would prefer that we step back and re-examine how we provide authorization to take screenshots on Wayland, because there clearly are real security implications at play here. Instead of demanding authorization via click before every screenshot, perhaps we should allow apps to request blanket screenshot permissions once, not unlike how it's done on modern mobile phones. Then you would authorize Spectacle once, and never have to think about it again.</p>
<p>This would in fact improve security because with fewer permissions requests, the user is more likely to actually read and evaluate each one individually. By contrast, when the user sees them all the time, they're likely to mindlessly click through to get back to what they're doing, like they do on Windows with its UAC spam.</p>
<p>I'm adding <a href="https://phabricator.kde.org/tag/spectacle/">#spectacle</a> and <a href="https://phabricator.kde.org/p/davidre/">@davidre</a> so we can broaden the conversation and come up with something that works for everyone, results in a pleasant user experience, and retains security.</p></div></div><br /><div><strong>REPOSITORY</strong><div><div>R108 KWin</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D22209">https://phabricator.kde.org/D22209</a></div></div><br /><div><strong>To: </strong>graesslin, KWin, ngraham, Spectacle, davidre<br /><strong>Cc: </strong>ngraham, davidre, davidedmundson, kwin, LeGast00n, sbergeron, jraleigh, fbampaloukas, GB_2, mkulinski, ragreen, jackyalcine, Pitel, iodelay, crozbo, bwowk, ZrenBot, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, jensreuterberg, abetts, sebas, apol, mart<br /></div>