Prevent screen cap of shared item

fbrownnc
fbrownnc
Community Member

Really love the ability to share items with folks who don't have 1password. Used it recently to share a door code with my son. In doing so, I noticed a slight drawback with sharing with an external user. My son was able to view the card information, but then simply did a screen capture on his phone, so now he has a copy of the information that does not expire. I know that I could change the code, but it would be great if there was an option to prevent copy/print, etc. of the content shared. Think Rights Managment for 1password shared items. What do you think? Is it feasible?

Was one of the many who switched from Lastpass and haven't looked back. 1password, just does so many things, and really appreciate how fixes are addressed. Keep up the good work


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hi there @fbrownnc

    Restricting what someone does with information after you've given it to them is particularly difficult and is usually trivially circumvented.

    For example, let's say it was somehow possible to prevent you taking a screenshot of the shared item. In those cases, if you're able to read the secret (the door code in this case), what would stop someone from taking a photo of the screen from another device, or writing it by hand on paper? In fact, if it was a 4-digit number, it's probably likely that it can be memorised quite easily.

    You mentioned [Digital] Rights Management, such as you'd find on a DVD or Blu-ray or similar. The problem with things like this is that if I provide you the message (the movie, in this case) in an encrypted form, I also have to give you the key, otherwise you can't decrypt it to watch it. The hard part is that I would have to give you that key in such a way that you couldn't easily find it or retrieve it. This is why DRM for DVD and Blu-ray has been easily circumvented in the past.

    Similarly, even if there was perfect secrecy with something like a DVD's decryption key, someone very determined could just set up a camcorder on a tripod and point it at the TV while the movie plays, then use that video for whatever purpose they want, especially if they were willing to take a drop in quality as the tradeoff.

    Considering the example you mentioned, we'd have to have a system where it was possible to show the password (or other secret) to the recipient, but in a way that somehow prevents them from taking a photo of it, writing it down, memorising it, copying and pasting it somewhere else, and so on. At that point, it becomes more of a trust problem – if you're concerned that someone will use a secret inappropriately, that's not so much a technical matter any more.

    The fact you can have the link expire after n days or by only be viewable once is to render the link itself useless, rather than the secret it's conveying. Limiting it to only be viewable by a certain email address will help in an authentication sense, but doesn't limit the lifetime of the shared secret.

    I hope that helps outline the challenges we'd face in such a situation, but I'm happy to answer any questions you might have. :)

    — Grey

This discussion has been closed.