Re: Bug 23934 - Proposal: Always launch permission prompt to avoid leakage

On 05/12/2013 1:25 PM, Jan-Ivar Bruaroey wrote:
> On 12/5/13 10:05 AM, Jim Barnett wrote:
>> Stefan,
>>    My concern is whether the UA will know enough about the 
>> unsatisfied mandatory constraints to prompt the user intelligibly.  
>> Martin says that he doesn't think that the UA will be able to explain 
>> what the constraints mean.  If that's the case, won't the user 
>> experience be pretty bad?  "You do not have a device that satisfies 
>> this application's requirements. Please insert random objects into 
>> your USB slot and maybe something will work".
>
> Again, only the "Allow" choice is suppressed in this proposal. If the 
> user ever presses the "Deny" choice (maybe it's called "OK" or "More 
> info", whatever) then the error callback will fire and the app can say 
> "Sorry" and thoroughly explain what its requirements are.
>
> That seems reasonable to me, given that no consent is given. 
> Personally, I prefer a generic message rather than "meatspaces.org 
> says your camera is pointing the wrong way".
>
> If we're not satisfied with this, perhaps we could explore an "Allow" 
> choice that would grant the app access to produce a better error 
> message. But isn't that what "optional" already does?
>
> .: Jan-Ivar :

"Something Broke" [OK] = UX #FAIL

If you read https://panopticlick.eff.org/browser-uniqueness.pdf section 
6.3 it explicitly states that "Fingerprintability is inversely 
proportional to Debuggability". There is no getting around this fact. 
Any time we take steps to protect against Fingerprinting we *will* 
suffer worse usability and debuggability. So the question remains: do we 
need to protect against this kind of fingerprinting? Or do the costs 
outweigh the benefits?

Section 6.3 makes a very interesting point: "There is a spectrum between 
extreme debuggability and extreme defense against fingerprinting, and 
current browsers choose a point in that spectrum close to the 
debuggability extreme. Perhaps this should change, especially when users 
enter private browsing" modes.

I like the idea of the browser running in two separate modes: one which 
errs on the side of UX and the other on the side of 
fingerprinting-protection. Different users have different preferences, 
and we should give them the option to choose which trade-offs they prefer.

Gili

Received on Thursday, 5 December 2013 19:26:15 UTC