What prevents a non-fullscreen site from just faking a keyboard with `position: fixed; bottom: 0;`? Really weird stance they're taking here. Kind of excludes an entire class of web applications (full screen games) from being usable on iPad, almost as if the real motivation is to drive you to the app store...
On the Mac, you can switch desktops even while YouTube is full screen. In that case, YT just shows up as an additional desktop in the switcher. I wonder if this YT "feature" would react against doing that.<p>It doesn't if you have dual monitors and are typing on the other, which I do rather often.<p>I'm not particularly inclined to reconfigure to see if that's still the case when switching desktops on a single-monitor setup, since OSX mangles the desktop layouts if you unplug a monitor and reboot.
Perhaps the (non-fullscreen) user interface shouldn't be the only recognizable visual cue which the user depends on before proceeding to trust their computer.<p>Maybe, instead, there ought to not be 'sacred pixels' on the screen, but a <i>secret</i> image to be displayed to the user (which only they recognize and can perhaps even change over time), and only the user, alongside every prompt for user input.<p>Admittedly, this could engender a false sense of trust if the secret image is ever compromised. I think there is an architecture around this, though.<p>The daemon providing the secret image service could simply stop screen sharing applications from reading those pixels. Why not expose the screen as a virtual filesystem, where every pixel has mutable unix permissions? Then, in any secure system, the screen sharing services would merely need to be served its pixels by the secret image server. The secret image server then just has to preserve the condition that programs aren't served secret pixels if they aren't run by a user in the 'secret pixel' entry in /etc/group. Then it would just be a matter of (secret) pixel files remaining unreadable for untrusted programs.<p>This could require some deep hooks into the display system, though, considering that a lot of graphical programs are going to be running on the video driver (well, technically, all of them). I suppose another reason to care about open source and graphics.<p>I wonder as well if Rio from Plan 9 can accomplish this with a minimal amount of code, since Rio already serves windows through a file server!
I’ve seen this pop up a few times, usually when scrubbing video. I thought it previously gave you the option to continue so maybe it’s changed a bit.<p>I think it’s not a bad idea in terms of security, and likely its a response to an actual attack vector. But maybe there should be a way to disable it for specific sites or just have a warning bar.
Modern computing is in need of the "Secure Attention Key" concept. A dedicated user input which deliberately has no other function than to escape any kind of virtualization or input capture, and ensure that subsequent communications goes directly to a trusted part of the operating system.
Mentioned in another comment but this message showed up while watching a Youtube video in Safari on iPadOS 14.5. It was triggered by tapping the screen a few times with an Apple Pencil 2nd generation, I didn’t manage to make it show up a second time after choosing to stay in full-screen.
This makes no sense any way I look at it.<p>"youtube.com" could show you a fake keyboard anyways and why can't it trick you with a real keyboard.
Such a pointless popup. We enter personal information into websites every day. Want to prevent this from happening? Make it the home page for every browser.