Re: [w3ctag/design-reviews] Web NFC (#461)

I should also clarify that I think there's disagreement within the TAG on what the problems with the prompts for NFC permission are.  I think the problems are deeper:  it's hard to explain to a user what reading and writing NFC tags means, since the user doesn't know what information is exposed by reading NFC tags (whether it identifies them uniquely, identifies their location, says they have a particular disease, or shares one of their second-factor authentication tokens) or by writing them, and this varies widely by what NFC tags are being read/written.  Given that the protocol itself wasn't designed with the explicit intention of being exposed to arbitrary web content, it's not clear that the security tradeoffs made by the designers of devices that support NFC's NDEF messages are appropriate for exposing them to Web content.  (The YubiKey example clearly demonstrates that this is a problem, but it doesn't tell us the scope of the problem.)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/461#issuecomment-648471296

Received on Tuesday, 23 June 2020 23:01:09 UTC