RE: Intended usage notification from Ian Hickson on 2009-03-26 (public-geolocation@w3.org from March 2009)

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 26 Mar 2009 22:39:17 +0000 (UTC)
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
Cc: Greg Bolsinga <bolsinga@apple.com>, Doug Turner <doug.turner@gmail.com>, public-geolocation@w3.org
Message-ID: <Pine.LNX.4.62.0903262232220.25058@hixie.dreamhostps.com>

On Thu, 26 Mar 2009, Thomson, Martin wrote:
>
> Trust is not a binary operation on all aspects.
> 
> The thought process goes thus:
> 
> - I trust this site not to lie.
> 
> - This site just asked me if I wanted to be advertised at based on my 
> location: reject.

(Why would you reject it? Location-based ads are far more useful than 
generic ads.)

> - This site just asked me if I wanted to display a map of my vicinity: 
> allow.

What would happen in practice is:

 - This BROWSER (not the site) just told me I had to click Accept for the 
   site to work: accept.

IMHO you won't get the user to think that the site is asking the question, 
they'll think the message is from the browser (malware sites have already 
shown this with, e.g., window.alert() or even screenshots of dialog boxes 
as used in some display ads); you won't get the user to wonder about trust 
if the site can modify the message; and you won't get sites to ask the 
user multiple times (for ads and for maps, for example) when they can just 
ask once and be done with it.

> What the current arrangement does is forces users to have a reasonably 
> good conceptual model of what is going on in the web page in order to 
> make an informed decision when the prompt is offered.  I don't believe 
> that an average user is capable of building a useful model.

I think what you are proposing has even less of a chance of being 
understood by the user.

(As Andrei points out, Gears actually tried this.)

> The current model leads to users to think: ``the last time I clicked 
> "reject" the site didn't work.'' This has the effect of training users 
> to blindly click accept.

What you are proposing has the effect of training users to believe 
messages the sites can control but that are integrated in browser chrome, 
which is even worse.

Note that the UI doesn't have to be a modal "accept/reject" interface. It 
could also be a non-modal UI where the rejection is assumed until the user 
opts in by clicking a button. This avoids training the user to click 
"accept" in a far more effective way than site-controlled messages.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 26 March 2009 22:39:53 UTC