earlier replies
Replying to @rwaldron @getify
there are lots of things wrong with Mozilla the org, but I trust the engineers who write those standards positions.
2
2
here's why I don't trust it... these positions don't seem (from what I can read) to distinguish websites from installed web applications, with respect to harm risk. to me, that's an awfully short-sighted take.
3
7
Also generic sensors doesn't give you raw access to the sensors - which it sounds like in the std position. Lots of restrictions in place on when you have access, restrictions of frequency etc. This is much better than the existing API shipped by Moz
5
"permission prompts confuse users" I'd like to see the supporting evidence here, and I'm not being antagonistic, I honestly want to know more about this. I also wonder if this will still be true now that Apple is going consent-everything on the iPhone.
1
1
"This web app would like to access your device's accelerometer to _____. Accelerometers measure movement, motion and vibration." [ Allow? ] [ Disallow ]
2
2
4
Does that explain that if you leave the accelerometer on while you walk around a city, the app could tell what route you took by matching it to maps?
1
Or that if the accelerometer is enabled while showing you videos of people you might find attractive, the app could probably figure out your sexual preferences/orientation?
1
Is that necessary though? Can't one limit the accelerometer data only when the app is in use? Aren't android/ios moving toward that direction (permissions that are granted while the app is in use)?
1
3
Replying to @samuelgoto @rwaldron @getify @MarcosC @kennethrohde @devsnek
That probably fixes most cases of the first attack I mentioned, but doesn't do anything to alleviate the second.

Oct 30, 2020 · 3:50 AM UTC

2
Replying to @davidbaron @samuelgoto @rwaldron @MarcosC @kennethrohde @devsnek
what bothers me most about conversations like this is I can't see how any of the arguments uniquely apply to webapps but not native apps. and if they aren't that different, then it seems really counterproductive to only wage the battle on the web standards front.
1
Clicking/tapping/activating a link should be a safe action that users don't have to reason carefully about. Some of these arguments are indeed different if the user has performed some sort of installation ceremony for the Web app... though I don't think we've standardized that.
1
more replies
Replying to @davidbaron @rwaldron @getify @MarcosC @kennethrohde @devsnek
An app would choose to put in front of a user an invasive permission so that it can use the accelerometer data to correlate your sexual preferences while you look at pictures? You are probably right generally speaking, I believe you, but this specific scenario is absurd.
1
That goes back to @marcosc's question about whether the description of the permission is sufficiently clear about the implications. Do users actually see accelerometer as invasive, or as something that gives them neat bouncy effects in the corners of the screen?