- From: Peter Kasting <pkasting@google.com>
- Date: Wed, 21 Nov 2012 17:26:07 -0800
- To: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
- Cc: whatwg@lists.whatwg.org, Mounir Lamouri <mounir@lamouri.fr>
On Wed, Nov 21, 2012 at 5:11 PM, Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net> wrote:

> The proper solution is to let people vote with their wallet for devices
> that are perceived as making input easier – not to hand over power to
> site users making it easier to sniff data.

This contains what I think are multiple false assumptions:

(1) It's reasonable to discriminate against devices that don't make input as easy as my desktop computer with its full-size keyboard. Given the rise of mobile web usage, it seems clear that users will increasingly access the web with devices that physically can never be as accommodating as my desktop computer can. I don't think that allows us to simply say "oh well" and ignore the problem.

(2) The proposals make it "easier to sniff data". The entire point of my email was that IMO this is simply false.

> > It's already the case that Chrome can autofill my credit card number
> > into a form that asks for it, so I'm not totally sure why the proposed
> > capabilities here are viewed as new and scary. It seems like we're
> > just trying to expose a slightly nicer event system for letting
> > authors interact with the existing UA feature set.
>
> Looks like an is-ought-problem to me. The descriptive (“It's already
> the case …”) can not tell us much about what should be done by virtue
> of its existence alone. Did you use „new and scary” to imply opponents
> appeal to tradition?

No, I used it to make clear that, at least for some UAs, there is no new user data being exposed in these proposals, nor is existing data being exposed to whole new types of sites. A consideration of whether new APIs represent an additional security or privacy risk must take these factors into account.

It is also possible that UAs with existing autofill capabilities (like Chrome) are already insecure today, in which case it'd be very useful to note existing problems so that these UAs can fix them and other vendors can avoid the problems.

> What Chrome can do is started by users; even then a warning is given:
> <http://support.google.com/chrome/bin/answer.py?hl=en&answer=142893>
>
> > It's important that you use Autofill only on websites you trust, as
> > certain websites might try to capture your information in hidden or
> > hard-to-see fields.

And those same properties -- that these APIs require a user gesture, that the UA is in control of the presentation, and that ultimately it is up to users to use them responsibly -- are all true here as well.

> The systematic difference – for me – is that the proposed functionality
> may make easier to trick a user into agreeing to „autocomplete
> everything“ than the current functionality does.

Please explain precisely how you see this occurring, because this is the key part of your argument that I don't grasp, but you've provided no explanation for it. An informative reply might be a detailed scenario complete with an explanation of why the malicious site in question could not accomplish a similar effect with existing UA capabilities. This would be very helpful in informing the design here.

PK
Received on Thursday, 22 November 2012 02:37:55 UTC