Re: [w3c/manifest] beforeinstallprompt : Prompting user makes it to hard to discern whether the user truly wanted to "install" a web app (#835)

> > But those permissions are directly associated with the action user is attempting to take (e.g. join a video conference)
> 
> That depends on the site. A "good" site will have a "join video conference" button which asks for cam permission and thus it's obvious to the user from context why it's asking for permission. Just as a "good" site will have an "install me" button which calls `BIPE.prompt()`* and thus it's obvious to the user from context why the UA is prompting to install.

"Good" sites are kind of irrelevant here.

> Of course, there can be a "bad" site that asks for cam permission with no apparent context, at which point a savvy user might say no, or a naive user who just wants to click through everything might say yes. Similarly, a "bad" site could ask for install with no apparent context, at which point the same user might say no or yes. Basically the same argument being applied here applies to all of the other APIs that ask for permission.

An important thing here is that it's more apparent to the user that the website may need camera access if one is joining a video conference. It's unclear why a website needs to be saved to home screen. Again, permission prompts are bad and should be avoided whenever possible.

> > and the permission granted won’t persist once the browser exits
> 
> Ah I see. I didn't realise Safari revoked all permissions at shutdown. That is an important difference. But since installation shouldn't be granting any permissions, it shouldn't matter (see [Controlling Access to Powerful Web Platform Features](https://chromium.googlesource.com/chromium/src/+/lkgr/docs/security/permissions-for-powerful-web-platform-features.md)).

Again, we (Apple's WebKit team) don't necessarily agree with this particular Blink / Chromium policy / strategy / approach.

On a somewhat orthogonal point, I find it rather concerning that multiple Google representatives keep referring to some kind of Blink / Chromium policy or implementation details as supporting details when making a point in this issue. Since the whole point of having multiple independent implementations is that they're *independent*, I respectively ask everyone involved in this and future discussions from refraining from using any kind of Blink or Chromium specific policy or strategy as a way to mitigate whatever Web API concerns we raise.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/835#issuecomment-565926935

Received on Monday, 16 December 2019 06:42:59 UTC