Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Preventing blackmail #171

Closed
ghost opened this issue Feb 14, 2018 · 8 comments
Closed

Preventing blackmail #171

ghost opened this issue Feb 14, 2018 · 8 comments

Comments

@ghost
Copy link

ghost commented Feb 14, 2018

Android permissions have evolved to allow a user allowing and denying specific requests made by an application. An application could just ask the user for location data, even though it was irrelevant for the functioning of the application. The application has to be able to deal with requests failing. This is useful because before the changes it was possible for an application to essentially blackmail a user into accepting permissions and refusing installation otherwise.

This problem is even worse on the web where absolutely no trust relationship to opened sites exist.

The question I am positing is: Does this proposal create similar problems?
@KOLANICH
Copy link

#54

@jyasskin
Copy link
Member

If you're happy with the new Android model, where users can decline particular permissions but still use the rest of an application, you should also be happy with the web model including permissions.query(). It's definitely possible for an application to say "if you don't grant this permission you can't use any of the site", on both Android and the web, but the structure of the APIs doesn't encourage it.

@KOLANICH
Copy link

KOLANICH commented Feb 14, 2018
edited
Loading

in fact any structure of the API allowing easy determination if the permission is granted does

@ghost
Copy link
Author

ghost commented Feb 16, 2018

@jyasskin This may not be in mainstream Android but at least some ROMs allow pretending that the data is available but returning for example an empty list of contacts. Shouldn't the API not only "not encourage" blackmail but make it more difficult?

@KOLANICH
I agree and therefore this specification should mandate that supporting this API also means supporting faking data, right?

@KOLANICH
Copy link

KOLANICH commented Feb 16, 2018
edited
Loading

@gutsle, there some emploees of the company taking the major share of browser market in W3C. That company somewhen have proposed to allow webapps to use sensors without permissions, which has been implemented in their OS for ages. The company seems to be interested somehow in allowing web apps spying on users. Maybe because it has own analytics and advertising services. But the good point that it cannot block the faking implementation by just refusing to accept the spec into the standard. I guess we need to make Mozilla to implement faking without taking in account the fact that this is not is in the standard.

@wseltzer
Copy link
Member

@KOLANICH the accusations in the message above go beyond the scope of appropriate discussion for W3C forums. Please do not do so again. This issue is closed.

@w3c w3c locked as too heated and limited conversation to collaborators Feb 16, 2018
@w3c w3c unlocked this conversation Feb 18, 2018
@dveditz
Copy link
Member

dveditz commented Feb 20, 2018

Nothing in the spec prevents a user agent (for example, the Tor Browser) from lying with the data returned if the permission is granted.

@KOLANICH
Copy link

Anyway I insist on standardizing the faking feature for encouraging browsers vendor to implement it, discouraging *mailing and encouraging users to recognize it as a part any browser must have.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jyasskin @KOLANICH @wseltzer @dveditz