- From: Johann Hofmann <notifications@github.com>
- Date: Thu, 21 Nov 2024 20:30:04 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/956/2492852942@github.com>
Thanks for the feedback @torgo. > * Regarding the potential for User Confusion: While UX solutions have been proposed, the effectiveness of these designs in clearly communicating the partitioned nature of identities and data access across origins remains uncertain. Do you have user testing studies that you can share with us which might show how this approach can safeguard against potential user confusion or use in deceptive patterns? We are working on this with our UX team and I very much expect them to measure user understanding of the UI that we design for Popins in Chrome. It should be noted that a big motivator for this work comes from the potential user confusion from partitioning traditional popups, which is something we'd like to avoid. We believe that it can only be avoided by introducing a new UI paradigm, and this proposal builds the technical underpinnings for that. There is bound to be some level of uncertainty as we explore this space (it's a bit of a chicken and egg problem, we have to invent and prototype new designs to really measure their effect on users), but I want to make it clear that avoiding user confusion is a key goal for this effort. > * Regarding Non-JS Communication Alternatives: We noted that the main advantage of Partitioned Popins seems to be allowing secure communication without JavaScript. It may be worth investigating if this benefit can be achieved without the complexities of this approach, such as through a dedicated API or secure post-message alternative that maintains privacy and security integrity. Can you elaborate on "the complexities of this approach", i.e. what is the complexity? I'm not sure how leveraging access to partitioned cookies, which are a simple and secure mechanism (which "maintains privacy and security integrity") and already widely adopted by the ecosystem would be inferior to the development of a new dedicated API. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/956#issuecomment-2492852942 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/956/2492852942@github.com>
Received on Friday, 22 November 2024 04:30:08 UTC