- From: Ryosuke Niwa <notifications@github.com>
- Date: Sun, 15 Dec 2019 18:42:36 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 16 December 2019 02:42:38 UTC
> We have permission prompts for all sorts of scary things like cam/mic and geolocation which can be requested by the site at any time, and if the user is accepting them just to dismiss a prompt, they're going to have a bad time. And that’s bad. Permission prompts should be avoided whenever possible. But those permissions are directly associated with the action user is attempting to take (e.g. join a video conference), and the permission granted won’t persist once the browser exits. The problem with saving to home screen / installing is that it’s not obvious to the user as to why one may want to do that and the consequence is persistent. If browsers were to give more leniencies to websites saved on home screen / installed (e.g. not showing URL), this becomes a persistent attack surface for social engineering / phishing. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/835#issuecomment-565882506
Received on Monday, 16 December 2019 02:42:38 UTC