docs(security): record measured WDA_EXCLUDEFROMCAPTURE behavior + capture-vs-viewer framing
Tested on .173: a WDA_EXCLUDEFROMCAPTURE window (affinity readback 0x11, confirmed active) is pixel-identically visible in the punktfunk/1 stream across no-flag / flag-set / flag-cleared phases — the flag makes no difference to a present-tap capture. Replace the "untested, treat as expected" note in the IDD-push residual list with the measured result, and correct the framing: WDA visibility matches what a person at the screen sees (it exceeds an ordinary capture tool, not the physical viewer). Add the matching public-facing paragraph to the security page covering both asymmetries — WDA windows appear (same as a physical viewer), DRM video is blanked (less than a physical viewer) — tied back to the page's "a client sees what someone at the machine sees" model. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -136,8 +136,14 @@ reason "admin/SYSTEM = total" stays on the residual list below.
|
||||
boundary against admin. The host↔driver channel has no mutual authentication beyond the `GET_INFO`
|
||||
version handshake + the `verify_is_wudfhost` image check.
|
||||
* **`WDA_EXCLUDEFROMCAPTURE` windows are visible.** IDD-push taps the *present* side, not the
|
||||
*capture* side, so windows that exclude themselves from capture still appear in the stream — true
|
||||
of every virtual-display streaming stack. Untested on our lab box; treat as expected behavior.
|
||||
*capture* side, so windows that exclude themselves from capture still appear in the stream. This is
|
||||
the same exposure a person looking at the physical screen has (the flag hides a window from capture
|
||||
APIs, not from the display), so it fits inside the "a client sees what someone at the screen sees"
|
||||
model rather than exceeding it; what it exceeds is an ordinary screen-*capture* tool (OBS/WGC/DDA),
|
||||
which honors the flag. **Measured, not assumed (2026-07-04, .173):** a full-screen test window was
|
||||
streamed through three 8 s phases — no flag / `WDA_EXCLUDEFROMCAPTURE` set (affinity readback `0x11`,
|
||||
confirmed active) / flag cleared — and the window was pixel-identically visible in the decoded
|
||||
punktfunk/1 stream in all three. The flag made no difference to the stream.
|
||||
* **DRM/HDCP:** protected content is blanked by DWM at composition, and HDCP is a monitor↔GPU
|
||||
handshake an indirect display cannot satisfy — neither is bypassed by this path.
|
||||
* IDD-push is currently the **sole Windows capture path** (DDA and the WGC relay were removed). An
|
||||
|
||||
@@ -128,6 +128,16 @@ virtual display is a real monitor: any process already running in your desktop s
|
||||
through the ordinary OS screen-capture APIs, exactly as it could capture a physical monitor. That floor
|
||||
is the same for every virtual-display streaming stack.
|
||||
|
||||
One nuance specific to how the Windows host captures: because it reads the composed desktop image (what
|
||||
the monitor shows) rather than going through Windows' screen-capture APIs, a window that hides itself
|
||||
from *recording* tools with `WDA_EXCLUDEFROMCAPTURE` still appears in the stream — just as it appears to
|
||||
anyone looking at the physical screen. Conversely, DRM-protected video (Netflix and the like) is blanked
|
||||
by Windows for any capture path, so it shows as black rather than the protected frames. Neither weakens
|
||||
Windows' protections: the first is exactly what a person at the screen already sees, and the second is
|
||||
Windows enforcing its own rule. The consistent way to think about it is the one from the top of this
|
||||
page — **a connected client sees and does what a person sitting at that machine could**, no more (and,
|
||||
for DRM content, slightly less).
|
||||
|
||||
**Recommendation:** run the Windows host on a **dedicated or gaming PC**, not on a machine that also
|
||||
holds your most sensitive material (work laptop, financial records, the box with your password vault).
|
||||
A gaming rig you stream from is a great fit; your primary secrets machine is not.
|
||||
|
||||
Reference in New Issue
Block a user