- From: Daniel Appelquist <notifications@github.com>
- Date: Tue, 26 May 2020 08:14:59 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 26 May 2020 15:15:11 UTC
Just picking this one up in our [virtual F2f](https://github.com/w3ctag/meetings/blob/gh-pages/2020/05-distributed/README.md). We're still concerned about the privacy issues here. Considering the widespread "gaming" of user permission (ref discussion in https://github.com/w3ctag/design-reviews/issues/337) it's not clear that putting something behind an additional permission prompt would be beneficial. Since writing seems to be the more dangerous operation would it make sense to split reading and writing? Do you have info on the potentially dangerous uses of NDEF reading - e.g. where it has been used to steal credentials, etc... - and if so do you have a mitigation strategy? Do you have data on what the range of activities that NDEF reading and writing is used for "in the wild"? Some of these activities might be more dangerous than others when you imagine a world where these are exposed to arbitrary web sites. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/461#issuecomment-634089144
Received on Tuesday, 26 May 2020 15:15:11 UTC