Re: [w3c/permissions] Explicitly limit permission lifetimes (#231)

> If this is generally applicable to "lifetime all permissions", then shouldn't the Permissions spec be updated instead of Geolocation? I'm confused.

Two issues are being tangled up here.

The issue I filed in geolocation is saying "this functionality is too privacy-risky to only be set-and-forget.  For it to be non-privacy-harming, there should be a way for users to grant temporary access."

It might also be the case that this is true for all permissioned APIs, and so it might _also_ make sense to add lifetime options to all permissions. But that is independent from my issue on the geolocation spec, which is that I don't think the geolocation spec should go to rec w/o a way to grant access for a restricted amount of time.

I filed this issue specific to geolocation, and the risks specific to giving sites persistent access to geolocation data.  The issue text, link and concerns here are not general to all permissions. Please kindly transfer this issue back to its original location @marcoscaceres.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/231#issuecomment-805388808

Received on Wednesday, 24 March 2021 00:53:42 UTC