- From: Kenneth Rohde Christiansen via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Aug 2015 09:16:52 +0000
- To: public-web-nfc@w3.org
Writing something to an NFC tag is not much more secure than writing it down on a piece of paper. My wife now writes a recipe on a piece of paper. When it is laying around in the house, everyone can read it (same origin - no prompts really necessary). Now someone (Peter) visits and sees that paper and asks if he may have a look (prompt - not same origin). I the user, can decide to show it or not. (I got told that Peter would like to look (request) and I explicitly handed the recipe to him (tapped the tag)) It is pretty much up to me. Now my wife may have said to me that I should not show it to anyone, but that power is really up to me, the user. I don't like white lists much, they are going to get outdated quickly. So one option would be to mark the tag as "not for sharing" and somehow let the user decide to obey that or share anyway. Or we would somehow need to get the external site to ask permission from the original site. I guess a whitelist could be stored online, but I don't think it will scale... I might find a small site which I trust and which can do something smart with the data that I wrote to the NFC tag from www.superawesomegame.com And ultimately I think the user is the one who should be in control, just like I could take the recipe and mail to to Super Awesome Cakes, Ltd. -- GitHub Notif of comment by kenchris See https://github.com/w3c/web-nfc/issues/3#issuecomment-132947906
Received on Thursday, 20 August 2015 09:16:54 UTC