- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 12 Nov 2015 09:48:27 -0800
- To: Jake Archibald <jakearchibald@google.com>
- Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, WebAppSec WG <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>
On 12 November 2015 at 01:40, Jake Archibald <jakearchibald@google.com> wrote: > The goal here is to remove the failures of the lie-fi (and offline) case > without impacting the perfect connectivity case. Requiring an opt-in browser > level permission to let a user send an email would be a big user experience > regression in the perfect connection case. If the concerns are largely due to network moves, then isn't this a matter of identifying [*] when these secondary actions are permitted? I think that the major risk occurs when there is both a) a delay between trigger and action and b) a change in circumstance. I don't think that we should be overly concerned about the constant shift between WiFi and cellular connections for a device that happily flip-flops between the two. We might be concerned about ensuring that what happens at home does not accidentally propagate to the workplace (and vice versa). [*] I used "identify" advisedly, noting that it isn't always possible for a browser to identify it's own network situation reliably. Whatever solution we come up with here needs to account for that fact as well.
Received on Thursday, 12 November 2015 17:48:55 UTC