Add UX considerations section

[mounirlamouri]

No description provided.

[jyasskin]

Do we have any security considerations, or is this just "There are no known security impacts of this feature."

[marcoscaceres]

I don't know if we have gone through Mike's questionnaire. We should do that (maybe post the questions at the top, and we can all edit them and then put them in the spec?)

We should also provide a link to the repo asking people to report any privacy/security issues/concerns here.

[annevk]

There's obvious impacts, right? Poorly designed UX can lead to users exposing themselves to attackers.

[marcoscaceres]

@annevk, absolutely. The same with presenting multiple permissions at once, which can lead to information overload.

[miketaylr]

A few ideas:

UAs should take care to present permission dialogs in such a way that users can understand the implications of a permission, etc. Permission fatigue is a thing, etc. Something about permission spam, etc. Security UX implications.

Some stuff for inspiration:
https://blog.nightly.mozilla.org/2019/04/01/reducing-notification-permission-prompt-spam-in-firefox/
https://www.w3.org/Privacy/permissions-ws-2018/report.html might have something useful to learn as well.

https://www.w3.org/Privacy/permissions-ws-2018/papers/martin-thomson.pdf is pretty decent as well.