- From: cowwoc <cowwoc@bbs.darktech.org>
- Date: Fri, 29 Nov 2013 00:07:26 -0500
- To: public-webrtc@w3.org
- Message-ID: <5298210E.6090108@bbs.darktech.org>
On 28/11/2013 9:42 PM, Martin Thomson wrote: > > On Nov 28, 2013 9:13 AM, <stephane.cazeaux@orange.com > <mailto:stephane.cazeaux@orange.com>> wrote: > > It was proposed in this thread to have a consent box displayed every > time an application wants to make screen sharing, where this consent > box would force the user to select what will be shared (whole screen, > one application, etc …) without possibility to simply accept. > > I hope that you mean 'force' in the right sense here. Modal dialog > windows are well understood as producing poor outcomes. > > > After reading the whole thread, I don’t understand what the Chrome > Apps model solves that would not be solved by this proposition. Is it > possible to have a summary of the main arguments? > > For reasons underlying the above, I don't believe that this model > would get the desired results. All arguments in favour of any 'just > ask the user' don't seem to appreciate the seriousness of the threat > when weighed against the difficulty of obtaining truly informed consent. > > In discussions I had with the UX designers on IE, they listed several > guiding principles, most relevant being: never ask a user any question > with consequences that are not immediately obvious. In this > discussion, no proponent of 'just ask the user' has properly addressed > this concern. > > I remain opposed to any solution that allows an application to put > such a question in front of a user. > With all due respect, when a user gets an email linking them to a video of kittens it doesn't matter one ounce whether you ask them to install a plugin or click through a consent dialog on the website itself. They will click through anything just so they can get back to watching kittens. Do you honestly believe that your typical grandparent will benefit from one approach over the other? They're not stupid. They simply have better things to do with their time than learning about computer security. Until someone provides us with concrete figures showing that users respond to one form of dialog better than another I consider this all hearsay. It's silly that people are arguing with such conviction about what is more secure when in reality this conversation isn't based on facts, it's based on gut feelings. The only fact that we know for sure is that users suffer from security warning fatigue. Gili
Received on Friday, 29 November 2013 05:08:40 UTC