- From: Daniel Appelquist <notifications@github.com>
- Date: Tue, 21 May 2019 06:41:00 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 21 May 2019 13:41:25 UTC
We remain concerned about the potential misuse of this API - especially by bad actors. There should be a stronger mitigation against misuse, specifically against invocation of this API on first load. We don't want people getting prompted to share their contacts when they first load a page (as has been the case with notifications.) The requirement for activation is a good step, but things like clicking away the 'cookie warning' dialog will count as user activation so this potentially isn't good enough to mitigate against misuse. Have you considered integrating with the permissions API such that a browser could for example reject if the application is not installed as a PWA?

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/337#issuecomment-494395959