If you think about it, it's just hoop jumping. So your solution is Web -> AppStore -> Install -> fingerprint -> Scan For and Access all bluetooth devices forever. I'd suggest Web -> Web App Install -> accept or fingerprint -> Pair with individual bluetooth device (no scan)
1
One downside: The Web App option removes a (annoying to some) gatekeeper (App Store) that can terminate apps when found to be malicious. What mechanism would you suggest to protect users from a web app that was found to be acting maliciously?
2
2
Really interesting question, first thoughts would be url and device blacklist (with an optional whitelist)… give me a couple of days I’ll give it some more thought.
3
I think solving this problem will be an important step towards unblocking access to some dangerous system features via the web.
3
1
But you support camera and GPS access today, right? It doesn't get much more dangerous than that, does it?
1
3
It comes down to fully informed consent. Risk of camera, or location is the obvious risk: site will see me and my surroundings, site will pinpoint my real world location. Likewise the benefit is simple to understand. So users have the info to make the choice.
1
1
12
With things like Bluetooth or USB the risk is subtle even to experts. We believe it’s wrong to put a choice on users that they don’t have the info to make. Not just us - if you read the Moz standards-positions on this tech, they make the same point. It’s Blink that’s the outlier.
2
1
15
Many people might not think that giving camera permission reveals their sexual orientation/preferences, or that giving location permission reveals their identity. A key difference is that the information that is being revealed can be clearly described in a nontechnical way.
Jan 29, 2022 · 12:50 AM UTC
2
4




