- From: Jeffrey Yasskin <jyasskin@google.com>
- Date: Thu, 12 Nov 2015 10:55:29 -0800
- To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Cc: Jake Archibald <jakearchibald@google.com>, WebAppSec WG <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>

On Wed, Nov 11, 2015 at 2:35 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On Wed 2015-11-11 05:11:53 -0500, Jake Archibald wrote:
<snip>
>> and scupper one of the primary use-cases of background sync (queuing
>> things to send while offline).
>
> queuing something to send while offline is (or should be?) an explicit
> action taken by the user, with clear intent; isn't that effectively an
> "opt-in"? Why would this be an action/state/permission that is hidden
> from the user?

As Jake said, for background sync, it usually will be based on an explicit gesture the user makes on a page. However, the browser doesn't know the difference between a "send later" gesture and a "click link" gesture, so if the browser wants to make sure the user's aware they're granting permission, the browser would need to pop up an explicit question.

Then we have 2 problems: 1) if a user almost always accepts permission prompts, they may stop reading the prompts before saying 'yes', hurting privacy overall, and 2) the question needs to be phrased in a way the user understands. e.g. "Can this site interact with the network later?" will miss users who a) don't know what a network is, b) don't know that your network reveals your location, c) don't know that a network can figure out what sites you're using over it, d) don't understand what "later" could mean, etc.

Overall, "get the user's explicit permission" is much more complicated than it sounds, and folks who ask for it need to try to answer the questions it raises.

Jeffrey

Received on Thursday, 12 November 2015 18:56:29 UTC