- From: Zoltan Kis <notifications@github.com>
- Date: Tue, 03 Mar 2020 23:31:24 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 4 March 2020 07:31:38 UTC
> I think treating native applications that the user has chosen to install as "anyone" is misleading. Not the app, but the media is exposed to anyone. The native (or web or HW) readers are just readers. Anyone can buy a reader, so yes, anyone can read an NDEF tag. We could implement some special censorship for web readers, but we need heuristics for that. Moreover, we need tag unique identification and integrity, neither of which is guaranteed for NDEF tags. So what can we do? We could include permission UI recommendations in the spec, and also consider implementing a blacklisting mechanism like in Web Bluetooth. However, not sure how much would it solve, given the problems above (UID duplication/fakes and no integrity unless encrypted). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/461#issuecomment-594368890
Received on Wednesday, 4 March 2020 07:31:38 UTC