[TAG] Reading systems and permissions prompts #1958
The text has been strengthened:
Thanks @dauwhe. Has there been any further thought about access to features which in a browser would require a permission prompt?
The issue was discussed in a meeting on 2022-04-08.
List of resolutions:
1. Close Privacy & Security Issues.
Dave Cramer: the TAG has reappeared of making a couple comments, I am making a PR to mention that when using web APIs, which have the most dramatic privacy and security implications (geolocations, push notifications) then you should get user consent.
See github issue epub-specs#1959.
Dave Cramer: we have several issues where there was never much discussion in the issue (#1959 for example).
Ivan Herman: we had a lot of discussion with PING, good discussions, after which we made extensive additions to answer the issues they raised.
Gregorio Pellegrino: so is this passed? it is okay?
See github issue epub-specs#1872.
Ivan Herman: yes, it is okay.
Dave Cramer: risk of exposure and fingerprintability.
See github issue epub-specs#1873.
Dave Cramer: obfuscation, which we've discussed extensively, followed by updates to the spec docs.
See github issue epub-specs#1875.
See github issue epub-specs#1876.
Dave Cramer: interactivity, which we've addressed as best we can given that it's ambiguous.
See github issue epub-specs#1957.
Dave Cramer: we enumerated the threat model, which deals with #1957.
See github issue epub-specs#1958.
Dave Cramer: permission prompts, we're dealing with this, strengthened text.
See github issue epub-specs#1959.
Dave Cramer: broad user expectations issues, which is covered by the other changes we've made.
Dave Cramer: I think the spec is now much more informative/clear about some of these issues, so thanks everyone.
It is left up to the reading systems to decide how to handle executing scripts and interacting with sensors, and I note (in Reading Systems, Scripting Considerations):
Which is a great recommendation. Could this be strengthened or made more obvious by splitting out Security and Privacy into separate sections in the spec?
What thought has been given to scripts/sensor access which in a web browser would require a permission prompt? Is there scope for security/privacy recommendations for reading systems about this? One option would be to recommend that reading systems simply do not execute any scripts that would normally trigger a permission prompt - I imagine the experience of reading being interrupted by a prompt would be poor. Another option is to think about front-loading required permissions, i.e. asking them the first time the book is loaded, or at the point of download (with options to change this decision later in the settings).