Re: Bug 23934 - Proposal: Always launch permission prompt to avoid leakage

On 28/11/2013 1:37 AM, Adam Bergkvist wrote:
> On 2013-11-27 18:47, Stefan Håkansson LK wrote:
>> On 27/11/13 18:30, Martin Thomson wrote:
>>> On 27 November 2013 06:40, Jim Barnett <Jim.Barnett@genesyslab.com> 
>>> wrote:
>>>> I am opposed to this.  I think that it would complicate app 
>>>> development and
>>>> make the user experience worse.
>>>
>>> I am in favour of this (modulo a persistent grant of permissions).
>>
>> I'm in favor too. This is about privacy, and I want to be careful.
>
> I'm also in favor of this (for reasons mentioned in a bunch of other 
> mails).

I don't like the fact that we are exerting so much effort to protect 
against theoretical fingerprinting risks [1] when we have plenty of 
*real* troubleshooting problems that are not being tackled, and in fact 
will only get worse as a result of this proposal. For that reason, I am 
against this proposal at this time. I think that we should revisit this 
proposal once error reporting has improved. I am not aware of anything 
that would prevent us from implementing it at a later time.

[1] Security is a bottomless pit. There will always be more security 
issues and they will always come at the cost of usability. For that 
reason, we need to evaluate the cost/benefit of each issue, and only 
implement it if we gain more than we lose. It's hard for me to evaluate 
the cost/benefit at this time because error reporting is in such an 
unbearable state (making it hard to give up what little error reporting 
we have).

Gili

Received on Thursday, 28 November 2013 07:11:57 UTC