New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Requires permission to "manage your downloads" #74

Open
ndmitchell opened this Issue May 31, 2016 · 2 comments

Comments

Projects
None yet
2 participants
@ndmitchell

ndmitchell commented May 31, 2016

image

I saw that Tabli requires permission to manage my downloads. Why? The others all seem quite reasonable but I can't immediately see what that is necessary for. Perhaps put on the website a justification of each permission required, so people can feel slightly more informed when accepting it.

@antonycourtney

This comment has been minimized.

Owner

antonycourtney commented May 31, 2016

My sincere apologies for this troubling dialog and the entirely justifiable concern it raises.

This dialog box is from Chrome and is unbelievably painful in numerous ways.

First: Here is the actual diff in the permissions requested by Tabli between version 0.8.8 (that all users were running until yesterday) and yesterday's update:

image

That is: In spite of the terrifying dialog and Chrome's default behavior of disabling the extension, the only change in permissions was the permission for Tabli to read Chrome's FavIcon cache (!).

As for the "Manage your Downloads" permission: It is not currently used in production at all.

That permission is needed in exactly one place in the code right now - a dev-only facility for exporting a snapshot of window state for use when debugging or creating integration and unit tests.

So why is the permission there if it's not needed in production? Because I can imagine some day exposing this ability for a user to generate a dump of their window state that they would send to me if they encounter an arcane bug. When and if I some day add that feature, I wanted to avoid having to put all users through the above poorly-designed and misleading permissions dialog.

I hope the above explanation makes sense, even if the answer is a bit disappointing (at least to me). Thank you for the suggestion to make Tabli permissions clearer and more explicit on the Tabli web site; I agree that would be helpful.

@ndmitchell

This comment has been minimized.

ndmitchell commented Jun 1, 2016

Generally any app which says which permissions it uses and why it uses them is enough to convince most people.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment