Re: [w3c/permissions] Add another permission state "always-ask" (from one-time grants)? (Issue #414) from Jan-Ivar Bruaroey on 2023-08-16 (public-webapps-github@w3.org from August 2023)

From: Jan-Ivar Bruaroey <notifications@github.com>
Date: Wed, 16 Aug 2023 09:31:39 -0700
To: w3c/permissions <permissions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/permissions/issues/414/1680924307@github.com>

I think we're getting side-tracked. Both the local storage argument and the privacy argument can be levied against permissions query() as a whole: none of it is needed (if local storage is sufficient), and all of it is a fingerprinting surface.

> A more likely reason for sites not using such solutions may be that there is no real need for them.

See https://github.com/w3c/mediacapture-main/issues/928 for the "slow-lane" problem. But as https://github.com/w3c/permissions/issues/414#issuecomment-1652264633 points out, Firefox plans to return `"granted"` instead of `"always-ask"`, and therefore doesn't need anything from this group to solve its problem. I was merely trying to answer @marcoscaceres question, but this seems to be turning into a side-track.

> ... you're implying that even though all cookies and site data are cleared, the site can still learn about a previous, ephemeral (!) permission grant that happened before the clearing. This would negatively impact privacy. I would be surprised if privacy-sensitive users would expect this behavior. It would also introduce a new bit of information that can be used for fingerprinting.

All query values are fingerprinting bits. Please read our [Intent to ship](https://groups.google.com/a/mozilla.org/g/dev-platform/c/auH04v5gGk8/m/uADZ4u-MCAAJ?utm_medium=email&utm_source=footer#:~:text=Since%20Firefox%20grants,hence%20this%20design.) for how Firefox intends to mitigate privacy concerns inherent in this spec. We welcome feedback on the intent to ship. But again, that's not what this issue is about.

This issue is about adding an arguably missing value to the recognized permission states as argued in the OP.

The merits of this new value can hopefully be judged by the same standards applied to existing values (which I think disqualify arguments such as: value can be achieved using local-storage, and value is a fingerprinting bit).

The audience for this new value would be apps that object to Firefox's implementation (and maybe future versions of Chrome?), and want to discern `"always-ask"` as a discrete value from Firefox's `"granted"`.

If this WG feels this new value is not necessary (hopefully using arguments unique to this new value), then so be it. We'll have this issue to direct complaints from app makers to.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/414#issuecomment-1680924307
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/permissions/issues/414/1680924307@github.com>

Received on Wednesday, 16 August 2023 16:31:46 UTC