Re: On Bug 23128 - 'Add an explicit "get access to media" call' from cowwoc on 2013-09-17 (public-media-capture@w3.org from September 2013)

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Tue, 17 Sep 2013 14:14:21 -0400
To: public-media-capture@w3.org
Message-ID: <52389BFD.9040900@bbs.darktech.org>

On 15/09/2013 8:07 PM, Silvia Pfeiffer wrote:
> On Mon, Sep 16, 2013 at 8:54 AM, Harald Alvestrand <harald@alvestrand.no> wrote:
>> On 09/09/2013 04:02 PM, Stefan Håkansson LK wrote:
>>> Putting my chair hat on,
>>>
>>> the discussion regarding adding an explicit "get access to media" call
>>> seems to be leaning towards that this is something we should not do.
>>>
>>> Unless more people speak up saying they want this I will close the bug,
>>> with a comment saying there was not support to add this, later this week.
>>>
>>> Stefan
>>>
>> Just to say a final word here:
>>
>> I feel that the arguments put forward by Anne, Robert and Martin are wrong.
>> In trying to prevent a particular class of bad application behaviours,
>> they are taking away the ability to write good applications that can do
>> what's right for the user.
>>
>> I believe that having the asking for permissions be an action that is
>> triggered explicitly by Javascript can give better user interfaces to
>> better applications than having the triggering of the same asking for
>> permission be implicit in a Javascript action whose purpose is something
>> else can.
>>
>> We're sacrificing the ability to write great applications in order to
>> make it harder to write bad ones.
>>
>> But I accept that my viewpoint, so far, has not found consensus in the
>> group, and will accept my chair's decision to close the bug as WONTFIX /
>> Working as intended, if that remains the position of the rest of the group.
> I have a gut feeling that Harald is correct, but I don't have any data
> to make a case yet.
>
> I hope the group will be open to reconsider introducing an explicit JS
> permission call in future once we have more experience with the
> current interface and whether or not it is sufficient.

     I'd like to suggest a possible compromise (borrowing the idea from 
Java):

     We continue prompting the user for individual permissions, but we 
add "Always trust this provider". By the time users get a second prompt, 
or visit the site a second time, they are likely to select this option 
which basically says "provide this provider with any permission they ask 
for".

     Users who want fine-grained control get it. Users who couldn't care 
less (your typical grandmother)  will suppress all further checks. I 
don't think there is a value in asking "your grandmother" for 
permissions multiple times because (in my experience) they don't really 
read the prompt before confirming (due to user fatigue and lack of 
technical background) so providing this option isn't really a security 
hazard.

Gili

Received on Tuesday, 17 September 2013 18:14:54 UTC