Abstract

We introduce SurroundWeb, the first least-privilege platform for immersive room experiences. SurroundWeb is a “3D Browser” that gives web pages the ability to display across multiple surfaces in a room, adapt their appearance to objects present in that room, and interact using natural user input. SurroundWeb enables least privilege for these immersive web pages by introducing two new abstractions: first, a Room Skeleton that enables least privilege for room rendering, unlike previous approaches that focus on inputs alone. Second, a Detection Sandbox that allows web pages to register content to show if an object is detected, but prevents the web server from knowing if the object is present. SurroundWeb provides three privacy properties: detection privacy, rendering privacy, and interaction privacy while simultaneously enabling Web pages to use object recognition and room display capabilities. Surveys show the information revealed by SurroundWeb is acceptable. SurroundWeb is practical: After a one-time setup procedure that scans a room for projectable surfaces in about a minute, our prototype can render immersive multi-display web rooms at greater than 30 frames per second with up to 25 screens and up to a 1440×720 display. We demonstrate a range of previously proposed and novel experiences can be implemented in a least-privilege way using SurroundWeb.