- From: Daniel Appelquist <notifications@github.com>
- Date: Mon, 22 Jun 2020 09:37:33 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 22 June 2020 16:37:47 UTC
Ok @zolkis that's good info. On the risks of writing to NFC tags I think we are most concerned about them being used a a vector for phishing / spam/ fraud, etc... We would appreciate the spec having some more detailed write-up on these considerations and mitigations (e.g. "only use read-only tags in a commercial / public service setting" or similar wording). On prompting: we are still uncomfortable with the approach being taken to user prompts. We don't think the current approach is adequate. We understand that there was an alternative proposal being floated for non-interruptive visual indication of scanning that would make it obvious to the end-user when the NFC scanning is happening and give the user the opportunity to cancel. That sounds like it might be a better approach - especially considering the different trust expectation of users for web pages. Ideally the user would be shown something that indicates to them what data is being exchanged. (Similar to how the bluetooth scanning API would show what bluetooth devices are around you as part of a privacy prompt.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/461#issuecomment-647635286
Received on Monday, 22 June 2020 16:37:47 UTC