- From: Jonas Sicking via GitHub <sysbot+gh@w3.org>
- Date: Tue, 18 Aug 2015 18:01:52 +0000
- To: public-web-nfc@w3.org
What is the purpose of having the API ask for UI permission?

Generally speaking, it doesn't seem like communicating through the NFC chip is that different from communicating through TCP/IP packets. For TCP/IP packets we don't ask the user for permission before allowing a webpage to send or receive data.

The only thing that we do do is to make sure that the party that we communicate with is prepared to communicate with untrusted web content. That's why we have strict limitations on what types of HTTP requests you can send to 3rd party servers. Only if the servers opt in through the use of CORS do we allow arbitrary HTTP requests to be sent. Similarly with WebSockets we only allow talking to WebSocket servers if the server explicitly opts in to talking to the initiating website.

But once that opt-in exists, we don't have any user prompts asking the user if it's ok if website X can connect to website Y.

That same opt-in is what #2 provides for NFC. So why do we have a user prompt for NFC?

The only argument that I can see for having a prompt is that NFC can potentially expose information about the user's location. For example, if I set up a tag at a given intersection in San Francisco with a unique identifier and then create a website which listens to NFC events, then I will know that the user is at that location in San Francisco if I get an NFC event which contains my unique identifier.

This is equally true for writing, since rather than reading the id of the tag, I could write something that identifies the user to the tag. Then I can go to the tag to see who was at the given intersection at what time.

This is obviously also true for P2P.

However, I would argue that in the vast majority of cases a user won't accidentally hold up their NFC-enabled device to an NFC tag without expecting that the currently foreground content will be able to access that tag.

One option is to do something similar to what we do for fullscreen. I.e. rather than having a prompt, simply inform the user in an unobtrusive manner. If we can make that unobtrusive enough I think it's fine to leave it as a UA decision what the UI would look like. For example, enable an icon in the status bar of a phone indicating that the current webpage is attempting to do NFC communication.

So in summary, I think the spec should:

* Explain the privacy aspect.
* *Not* require that implementations prompt the user.
* Suggest that some form of unobtrusive notification might be wanted if the implementation wants.
* Explain that this notification would apply equally to all of reading/writing/p2p.

Obviously we shouldn't forbid any prompts or other privacy/security measures that implementations want to add. Just like no spec forbids that for TCP/IP communication.

--
GitHub Notif of comment by sicking
See https://github.com/w3c/web-nfc/issues/3#issuecomment-132299130
Received on Tuesday, 18 August 2015 18:01:54 UTC