- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Mon, 02 May 2011 12:47:26 +0300
On Sat, 2011-04-30 at 09:52 -0400, Glenn Maynard wrote: > > Asking for specific permissions in the context of a user action is > > the > > only model that makes sense to me. When applications ask for a big > > bundle of > > permissions in advance, how can I as a user know what to do? I'm > > sure to get > > into a habit of either blindly denying the permissions (crippling > > applications), or granting the permissions (terrible for security). > > > > While some Mozilla developers may think "big bundle of permissions" > > is a > > good idea, others such as me do not. > > I'd wonder what their response is to Android; the problems on that > platform > are obvious. The result is exactly as you say: people end up giving > up and > just accepting everything. There's also the problem that legitimate permission requests that lack context make people who understand the implications needlessly cautious. For example, some of my friends were suspicious of Firefox for Android wanting access to geolocation. The request for the permission wasn't in the context of an explanation of how Firefox uses that system API to implement the Web geolocation API and has its own authorization UI layer on top of it. (I think asking for a specific permission in the context of a user interaction is better than asking for a bunch of stuff up front.) -- Henri Sivonen hsivonen at iki.fi http://hsivonen.iki.fi/
Received on Monday, 2 May 2011 02:47:26 UTC