- From: Zoltan Kis <notifications@github.com>
- Date: Tue, 23 Jun 2020 23:56:19 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/461/648631283@github.com>
User prompting is a policy and the spec could recommend using non-interruptive visual indications of cancellable operations as the preferred policy. However, browsers may have reasons to use other prompting policies. What the spec needs to ensure is clarity about the subject of the policy, i.e. what authorization is needed for what operations. > the user doesn't know what information is exposed by reading NFC tags When reading a simple NFC tag (as exposed by this API), information flow is from the NFC tag to the device. The user indeed does not know what information is on the NFC tag, but likely wants to know, which is the main reason the user engages into reading the tag. There is no information exposed about the user by reading NFC tags. User location could be determined indirectly if the tag location was known and the tag directs the user to a page that identifies the tag, therefore indirectly identifies the location of the read. However, that page cannot be opened if the user does not approve it. No, reading a tag cannot identify the user. No, reading a tag cannot reveal a particular disease of the user. No, reading a tag cannot share one of their second-factor authentication tokens. There is an infinitum of other things that reading a tag cannot share about the user. These fears and arguments are unfounded. We keep going in a loop, but fine, spin it once more. The protocol itself was designed to expose the information on the NFC tags (with this API), and also to write information. Not unlike a file API on a physical medium. These are ubiquitous technologies we cannot prevent from existing and are becoming more and more part of everyday life, including the web - we should rather strive to expose them in the most secure way possible, both by scoping and by security hardening. The question is not whether exposing NFC to web pages is a good idea (the growing number of use cases signals it is a good idea), but how to do it properly. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/461#issuecomment-648631283
Received on Wednesday, 24 June 2020 06:56:32 UTC