W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2013

Re: Allow ... centralized dialog up front

From: Charles McCathie Nevile <chaals@yandex-team.ru>
Date: Sat, 02 Feb 2013 03:37:38 +0100
To: Florian Bösch <pyalot@gmail.com>
Cc: adriennefelt@gmail.com, "Arthur Barstow" <art.barstow@nokia.com>, "Webapps WG" <public-webapps@w3.org>
Message-ID: <op.wruxk0rmy3oazb@chaals.local>
On Fri, 01 Feb 2013 15:29:16 +0100, Florian Bösch <pyalot@gmail.com> wrote:

> Repetitive permission dialog popups at random UI-flows will not solve  
> the permission fatique any more than a centralized one does. However a  
> centralized >permission dialog will solve the following things fairly  
> effectively:
> - repeated popup fatique

Sure. And that is valuable in principle.

> - extension of trust towards a site regardless of what they ask for (do  
> I trust that Indie game developer? Yes! Do I trust google? No! or vice  
> versa)

I don't think so. As Adrienne said, as I have experienced myself, without  
understanding what the permission is for trust can be reduced as easily as  

> - make it easy for developers not to add UI-flows into their application  
> leading to things the user didn't want to give (Do we want a menu entry  
> "save to local >storage" if the user checked off the box to allow local  
> storage? I think not.)

> - make it easy for developers to not waste users time by pretending to  
> have a working application, which requires things the user didn't want  
> to give. (Do we really >want to offer our geolocated, web-camera using  
> chat app to users who didn't want to give permission to to either? I  
> think not. Do we want to make him find that out >after he's been  
> entering our UI-flow and been pressing buttons 5 minutes later? I think  
> not.)
These are not so clear. As a user, I *do* want to have applications to  
which I will give, and revoke, at my discretion, certain rights. Twitter  
leaps to mind as something that wants access to geolocation, something I  
occasionally grant. for specific requests but blanket refuse in general.
The hypothetical example you offer is something that in general it seems  
people are happy to offer to a user who has turned off both capabilities.

I think the ability for a page to declare permission requests in a  
standard way, the same as applications and extensions, is worth pursuing,  
because there are now a number of vendors using stuff that seems to only  
differ by syntax.

The user agent presentation is a more complex question. I believe there is  
more research done and being done than you seem to credit, and as Hallvord  
said, I think this is an area where users evolve too.

For the reasons outlined already in the thread I don't think an  
Android-style "here are all the requests" is as good a solution in  
practice as it seems, and there is a need for continued research as well  
as implementations we can test.



> On Fri, Feb 1, 2013 at 3:22 PM, Charles McCathie Nevile  
> <chaals@yandex-team.ru> wrote:
>> On Fri, 01 Feb 2013 15:16:04 +0100, Florian Bösch <pyalot@gmail.com>  
>> wrote:
>>> On Fri, Feb 1, 2013 at 3:02 PM, Adrienne Porter Felt  
>>> <adriennefelt@gmail.com> wrote:
>>>> My user research on Android found that people have a hard time  
>>>> connecting upfront permission requests to the application feature  
>>>> that needs the >>>>permission. This meant that people have no real  
>>>> basis by which to allow or deny the request, except for their own  
>>>> supposition.  IMO, this implies that the >>>>better plan is to  
>>>> temporally tie the permission request to the feature so that the user  
>>>> can connect the two.
>>> In some circumstances this works, in others, it does not. Consider  
>>> that not every capability has a UI-flow, and that some UI flows are  
>>> fairly obscure. More often >>>than not a page will initiate a flurry  
>>> of permission dialogs up front to get it out of the way. Some of the  
>>> UI-flows to use a capability happen deep inside an >>>application  
>>> activity and can be severely distracting, or crippling to the  
>>> application.
>>> If a developer wants to use the blow-by-blow popup dialogs, he can  
>>> still do so by simply not calling an API to get done with the business  
>>> up front. But for those >>>who know their application will not work  
>>> without features X, Y, Z, A, B and C there is no point. They already  
>>> know their app is not going to work. They already >>>know they would  
>>> have to pester the user 6 times with successive popups. They already  
>>> know that they will severely distract the user or cripple themselves  
>>> by >>>making the user click trough 6 popups whenver it becomes  
>>> necessary. They already know that 80% of their users will quit their  
>>> page after the 3rd popup >>>asking random questions. Why should there  
>>> not be a way to prevent all that from happening?
>> The stock answer (and I think it is too glib, and we should be thinking  
>> harder about this) is
>> "because those who just want the user to agree to give away their  
>> security and privacy will be able to rely on permission fatigue. Which  
>> they can create, by >>getting sufficient users to download versions of  
>> popular stuff that requests unreasonably complicated permissions. So  
>> consolidating everything will make the >>system effectively useless".
>> cheers
>> Chaals
>> --Charles McCathie Nevile - Consultant (web standards) CTO Office,  
>> Yandex
>> chaals@yandex-team.ru Find more at http://yandex.com

Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
chaals@yandex-team.ru Find more at http://yandex.com
Received on Saturday, 2 February 2013 02:38:17 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:52 UTC