Requires permission to "manage your downloads" #74
I saw that Tabli requires permission to manage my downloads. Why? The others all seem quite reasonable but I can't immediately see what that is necessary for. Perhaps put on the website a justification of each permission required, so people can feel slightly more informed when accepting it.
The text was updated successfully, but these errors were encountered:
My sincere apologies for this troubling dialog and the entirely justifiable concern it raises.
This dialog box is from Chrome and is unbelievably painful in numerous ways.
First: Here is the actual diff in the permissions requested by Tabli between version 0.8.8 (that all users were running until yesterday) and yesterday's update:
That is: In spite of the terrifying dialog and Chrome's default behavior of disabling the extension, the only change in permissions was the permission for Tabli to read Chrome's FavIcon cache (!).
As for the "Manage your Downloads" permission: It is not currently used in production at all.
That permission is needed in exactly one place in the code right now - a dev-only facility for exporting a snapshot of window state for use when debugging or creating integration and unit tests.
So why is the permission there if it's not needed in production? Because I can imagine some day exposing this ability for a user to generate a dump of their window state that they would send to me if they encounter an arcane bug. When and if I some day add that feature, I wanted to avoid having to put all users through the above poorly-designed and misleading permissions dialog.
I hope the above explanation makes sense, even if the answer is a bit disappointing (at least to me). Thank you for the suggestion to make Tabli permissions clearer and more explicit on the Tabli web site; I agree that would be helpful.
Thank you @antonycourtney for all the effort putting into this.
I should say, I didn't find your argument for getting permissions strong enough. Just because you know you are not doing with a permission, it doesn't mean users would also know. And if you put yourself in the users' shoes, the only way for the them to know is to read the entire code base.
These are not codes of conduct. Users are becoming more and more aware and the ecosystem is adopting to this. For example, as you can see, when there is a new change in permissions list, Chrome reminds the user of all the permission (including those already granted). And that is not at all a "poorly-designed and misleading permissions dialog" as you described it.
To conclude, for those who are doing the right thing, like yourself, it's important to follow guildines and specially 'best practices' and have a rigid internal policy, so that over time we can filter bad actors out of the ecosystem.
Thanks for sharing your perspective.
For what it's worth, I did the right thing and removed the unused "Downloads" permission in January of 2017.
It gives me no pleasure to report that my reluctance in removing that permission played out exactly the way I feared it would: Because removing the "Downloads" permission resulted in forcing all users to re-permission the extension through the above permissions dialog, with absolutely no indication to the user that the update to Tabli was in fact using less permissions than before the update, the result was a massive number of uninstalls of the Tabli extension -- the single biggest one day drop in users in the five year history of the extension.
My criticism of the Chrome permissions dialog design is that it is simultaneously too technical for novice users and not technical enough for advanced users. Specifically: