- From: Jason A. Novak <jnovak@apple.com>
- Date: Wed, 03 Oct 2018 00:35:52 -0700
- To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>
- Cc: Nick Doty <npdoty@ischool.berkeley.edu>, public-2018-permissions-ws@w3.org
- Message-id: <E6E46014-2108-4896-8C16-BB52EAFCFECE@apple.com>
One element of the conversation at the permissions workshop was, roughly ‘Just because we can add a feature to the web platform, should we, particularly if it needs to be gated on a permission? Does the benefit outweigh the risk / annoyance to the user / cognitive load?”. While the exact words would need to be refined, I think that there’s a good question there that is worth considering adding to the PING questionnaire; I have a variant of it in discussion with some folks in PING now. > On Oct 3, 2018, at 12:23 AM, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> wrote: > > > > wt., 2 paź 2018 o 23:53 Nick Doty <npdoty@ischool.berkeley.edu <mailto:npdoty@ischool.berkeley.edu>> napisał(a): > Hi Lukasz, > >> On Oct 2, 2018, at 12:06 AM, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com <mailto:lukasz.w3c@gmail.com>> wrote: >> >> One question: who is to ultimately decide/etc as to whether a permission is justified and/or makes sense? Consensus? Permissions WG? TAG? A dedicated 'elders of permissions' group? > > I wasn't envisioning any new enforcement/decision-making mechanisms with this guide. If there is general agreement on these questions or this approach, then I think it could come up during TAG review, or PING (Privacy Interest Group) review, or better yet, be considered by implementers/feature designers before getting to those review stages. > > That's what I think, PING+TAG may be enough. But again, implementors should be included as well (and the major ones are currently, at least in the TAG). > > > That being said, there was the suggestion at this meeting that other stakeholders could play a role. For example, civil society groups like Consumer Reports might evaluate browsers or web sites in how they handle permissions and having a common rubric might make those evaluations viable or more effective. Or researchers can keep track of where the system is falling short. > > ...but on the other hand, PING+TAG would be a bit confined, so not clear how to meaningfully manage 'engagement'. Thinking of it, such edge-cases might be rare. But if there many be any, I would not feel comfortable not thinking of this in advance. Alternatively, to simplify: designate a task force composed out of TAG/PING members, so people know where to "call" (but then - how to actually contact is a separate issue). > > I think we should not exclude the possible evolution on the permissions front (both their meaning, potential expansion, and so). > > Kind regards > Lukasz > >
Received on Wednesday, 3 October 2018 07:36:18 UTC