Re: [w3ctag/design-reviews] Notification Inline Replies (#284)

Hi TAG. Thanks for your feedback. 

In response to the points on phishing and attribution, I have added a [Potential For Abuse section](https://github.com/anitawoodruff/inline-notification-replies#potential-for-abuse) to the explainer addressing the phishing concern and a [note to the spec PR](https://github.com/whatwg/notifications/pull/132/commits/56bb9a1cfa4616f8405432749e1d4826eb23a4d9) regarding attribution.

In response to your other concerns:

- Misuse to grab attention
  - Often native platforms implement inline reply UI as regular buttons that only expand into input boxes on click (eg Android, Chrome OS), so these are no worse than regular notifications
  - This capability is expected to primarily be used by messaging applications, which tend to get the highest click-through-rates on their notifications already, so this is unlikely to exacerbate the worst cases of notification annoyance.

- Tracking (since the ability to reply more easily may make it likelier for users to interact with them on the go)
  - Service workers may already perform fetch requests on receipt of a push message prior to showing a notification, so this is unlikely to lead to greater tracking.

- Interaction with current permission model
  - We propose this doesn't require a new permission; it should be covered by the existing notification permission to keep things simple. Permission delegation seems orthogonal to this change.

Unfortunately I will be OOO for the next 2 weeks but I expect @beverloo would be happy to meet up F2F for further discussion.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/284#issuecomment-399572323