Re: On Bug 23128 - 'Add an explicit "get access to media" call'

+1


On Wed, Sep 18, 2013 at 3:43 PM, Silvia Pfeiffer
<silviapfeiffer1@gmail.com> wrote:

> I like either of these proposals. As long as my customers are not
> asked to press "Allow" 4 times when I try to activate 3 cameras (and
> make a call to find out what cameras are attached), I'm happy.
> Silvia.
>
> On Wed, Sep 18, 2013 at 4:18 AM, cowwoc <cowwoc@bbs.darktech.org> wrote:
> > On 17/09/2013 2:14 PM, cowwoc wrote:
> >>
> >> On 15/09/2013 8:07 PM, Silvia Pfeiffer wrote:
> >>>
> >>> On Mon, Sep 16, 2013 at 8:54 AM, Harald Alvestrand <harald@alvestrand.no> wrote:
> >>>>
> >>>> On 09/09/2013 04:02 PM, Stefan Håkansson LK wrote:
> >>>>>
> >>>>> Putting my chair hat on,
> >>>>>
> >>>>> the discussion regarding adding an explicit "get access to media" call
> >>>>> seems to be leaning towards that this is something we should not do.
> >>>>>
> >>>>> Unless more people speak up saying they want this I will close the bug,
> >>>>> with a comment saying there was not support to add this, later this
> >>>>> week.
> >>>>>
> >>>>> Stefan
> >>>>>
> >>>> Just to say a final word here:
> >>>>
> >>>> I feel that the arguments put forward by Anne, Robert and Martin are
> >>>> wrong.
> >>>> In trying to prevent a particular class of bad application behaviours,
> >>>> they are taking away the ability to write good applications that can do
> >>>> what's right for the user.
> >>>>
> >>>> I believe that having the asking for permissions be an action that is
> >>>> triggered explicitly by Javascript can give better user interfaces to
> >>>> better applications than having the triggering of the same asking for
> >>>> permission be implicit in a Javascript action whose purpose is something
> >>>> else can.
> >>>>
> >>>> We're sacrificing the ability to write great applications in order to
> >>>> make it harder to write bad ones.
> >>>>
> >>>> But I accept that my viewpoint, so far, has not found consensus in the
> >>>> group, and will accept my chair's decision to close the bug as WONTFIX /
> >>>> Working as intended, if that remains the position of the rest of the
> >>>> group.
> >>>
> >>> I have a gut feeling that Harald is correct, but I don't have any data
> >>> to make a case yet.
> >>>
> >>> I hope the group will be open to reconsider introducing an explicit JS
> >>> permission call in future once we have more experience with the
> >>> current interface and whether or not it is sufficient.
> >>
> >>
> >>     I'd like to suggest a possible compromise (borrowing the idea from
> >> Java):
> >>
> >>     We continue prompting the user for individual permissions, but we add
> >> "Always trust this provider". By the time users get a second prompt, or
> >> visit the site a second time, they are likely to select this option which
> >> basically says "provide this provider with any permission they ask for".
> >>
> >>     Users who want fine-grained control get it. Users who couldn't care
> >> less (your typical grandmother) will suppress all further checks. I don't
> >> think there is a value in asking "your grandmother" for permissions multiple
> >> times because (in my experience) they don't really read the prompt before
> >> confirming (due to user fatigue and lack of technical background) so
> >> providing this option isn't really a security hazard.
> >
> >
> >     Or (probably even better) we prompt users for one permission at a time,
> > but give them the option to review all permissions and accept them at once.
> > It's a hybrid between Harald's proposal and Java's "Always trust this
> > provider".
> >
> >     It would look something like this: "foobar.com would like to use your
> > Webcam. [Accept] [Reject] [Review all permissions]"
> >
> >     Clicking on "Review all permissions" would bring up a panel similar to
> > Android, listing all permissions and allowing the user to grant them all at
> > once.
> >
> > Gili
> >
>
>

Received on Wednesday, 18 September 2013 08:00:09 UTC