- From: Paul Kinlan <paulkinlan@google.com>
- Date: Tue, 22 Nov 2011 22:40:17 +0000
- To: timeless <timeless@gmail.com>
- Cc: WebIntents <public-web-intents@w3.org>, Greg Billock <gbillock@google.com>
I suppose we should document the concern.

A user visits a service that implements its own unique intent that is bespoke to the site.

    <intent action="anuniqueaction" type="*" />

Other site checking to see if you have been to an app:

    window.navigator.checkActivity("anuniqueaction", "*") == true; // Hey we know you are attached to the other site.

To note, as soon as another site implements "anuniqueaction", the probability of knowing the exact site is reduced. Furthermore, if the action is completed then we will likely know they are attached to the other site.

So my thoughts are it is not the same as a:visited, but is it still a similar risk level.

The ability to know if an action can be handled is a common feature request amongst developers that I speak to, they are concerned that if they can't detect that there is an app to handle it then it is a terrible UX.

Current patterns that I have been playing with are:

- Build a basic handler in the app for each action/type so that there is at least an app default, however this goes against the grain of the spirit of intents; that you don't need to implement functionality because it is delegated to another party.
- Build a registry that contains all the known sites that support the action/type pair.

P

On Tue, Nov 22, 2011 at 10:22 PM, timeless <timeless@gmail.com> wrote:
> On Tue, Nov 22, 2011 at 2:28 PM, Greg Billock <gbillock@google.com> wrote:
>>>> §2 Opacity
>
>> Even same-origin requests to see if the service is registered could be
>> misused as a (weak) cookie.
>
> Indeed
>
>> Something that may become ergonomically helpful and be an acceptable
>> tradeoff is a client ability to request whether any services at all are
>> registered for a particular action/type. I'm leery even of that, though.
>
> I'm rather strongly opposed to even that. It took us years to address
> a:visited, it's too easy to discover if someone has been somewhere and
> abuse that knowledge.
>
>

--
Paul Kinlan
Developer Advocate @ Google for Chrome and HTML5
G+: http://plus.ly/paul.kinlan
t: +447730517944
tw: @Paul_Kinlan
LinkedIn: http://uk.linkedin.com/in/paulkinlan
Blog: http://paul.kinlan.me
Skype: paul.kinlan
Received on Tuesday, 22 November 2011 22:40:45 UTC
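
Added example, not part of the original message or of any Web Intents implementation: a small JavaScript model of the concern discussed in this mail. It compares a per-user `checkActivity` answer with the registry approach and counts how many sites a `true` answer could point to. The `UserAgent` class, the helper names and the `example` origins are assumptions made for the illustration.

```javascript
// Constructed data: which origins declare a handler for each intent action.
const DECLARED = {
  anuniqueaction: ["https://bespoke.example"],
  share: ["https://a.example", "https://b.example", "https://c.example"],
};

// Hypothetical model of a user agent; registration happens on visit.
class UserAgent {
  constructor() {
    this.registered = new Set(); // actions this user has a handler for
  }
  visit(origin) {
    for (const [action, origins] of Object.entries(DECLARED)) {
      if (origins.includes(origin)) this.registered.add(action);
    }
  }
  // Per-user answer, modelled on the checkActivity call in the mail.
  checkActivity(action) {
    return this.registered.has(action);
  }
}

// Registry approach from the mail: answered from public data only.
function registrySupports(action) {
  return (DECLARED[action] || []).length > 0;
}

// Origins a `true` answer could point to; a single entry names the site.
function candidates(action) {
  return DECLARED[action] || [];
}

// True when probe(agent) differs between users, i.e. the answer depends on
// browsing history and can be read by any page as a history oracle.
function distinguishes(probe, agents) {
  return new Set(agents.map(probe)).size > 1;
}

function demo() {
  const visitor = new UserAgent();
  visitor.visit("https://bespoke.example");
  const agents = [visitor, new UserAgent()];
  return {
    perUserLeaks: distinguishes((ua) => ua.checkActivity("anuniqueaction"), agents),
    registryLeaks: distinguishes(() => registrySupports("anuniqueaction"), agents),
    uniqueCandidates: candidates("anuniqueaction").length,
    sharedCandidates: candidates("share").length,
  };
}

console.log(demo());
```

The `distinguishes` helper doubles as a review check for any proposed "can this be handled?" API: if its answer varies between two users with different histories, it carries at least one bit about where the user has been.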