[w3c/permissions] The "prompt" permission state maps poorly across browsers (#230)

The [permission state](https://w3c.github.io/permissions/#enumdef-permissionstate) is a triumvirate of the following states (with no opposites):
```js
enum PermissionState {
  "granted",
  "denied",
  "prompt",
};
```
The third state is the default.  Browsers like Safari & Firefox (unless user opts in) _stay in the default state_ for camera & mic.

Yet, many web developers treat the default state as undesirable¹. This results in privacy-hostile UX to prime repeat users as newbies every visit (a slow lane) until they're beaten into submitting to persisting permission (if available); a privacy issue.

At Mozilla, we discussed this a while back and I'm catching up with recording two proposals we have here:

#### Proposal 1: change the name of the third state to `"default"`:
```js
enum PermissionState {
  "granted",
  "denied",
  "default",
};
```
This is to emphasize that 1) this state isn't an obstacle to overcome; 2) prompts aren't necessarily exclusive to this state.

#### Proposal 2: remove guarantees of no browser UX in `"granted"`

Browsers like Safari use unknown heuristics to determine permission in some cases – hypothetically such heuristics might include: waiting too long, visiting other windows, navigating + back button, another app opening the camera concurrently, laptop having slept, [lack of user gesture](https://github.com/w3c/mediacapture-extensions/issues/11#issuecomment-593307645) etc. All combinations that _may_ cause a re-prompt where otherwise there would be none — It's not clear to us what use case requires sites to be privy to updates about these changes, nor require UAs to make these determinations on an ongoing basis simply to update all sites about them.

Note that getUserMedia calls [wait for focus](https://w3c.github.io/mediacapture-main/getusermedia.html#dom-mediadevices-getusermedia), so there's already no immediacy invariant even with `"granted"`.

In Firefox, we'd like to return `"granted"` while still gating camera & microphone going hot on some browser button for privacy, to avoid the priming many sites would otherwise slow down repeat Firefox users with.

The `"granted"` value would retain its value as a strong signal the user trusts this site with their camera/microphone, and is not likely to block the site (which would still require [new information about the user's intent](https://w3c.github.io/permissions/#new-information-about-the-users-intent)). We'd base this on recent successful grants.

---
<sub>1. We can speculate why devs find the `"prompt"` state undesirable, but two factors are likely contributors:</sub>
<sub>    - The risk of being permanently blocked is much higher in Chrome's Allow/Block model</sub>
<sub>    - Temporary permissions don't span navigation well in Safari & Firefox, causing reprompts (something we're working on).</sub>

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/230

Received on Monday, 25 January 2021 22:08:42 UTC