2012/3/9 lkcl luke <luke.leigh...@gmail.com> > On Sat, Mar 10, 2012 at 4:44 AM, Jonas Sicking <jo...@sicking.cc> wrote: > > > However if you instead make the dialog say "This website is trying to > > get your current location. What do you want to do?" with two buttons > > that say "Give my location to website" and "Deny access", then you > > have a better chance of getting a more relevant answer. > > that's a bloody good idea. > > do you know what? it's the only time i've ever heard *anyone* come > up with a decent way to deal with the > idiot-user-clickety-click-to-get-rid-of-the-what's-that-dialog > problem. > > > > Maybe provide both pieces of information is the best solution. I.e. > > make the dialog say "This app wants access to your IMEI number. If you > > grant this access they can do evil actions X and Y. And if you grant > > access to multiple apps they can track you across apps." and then make > > the buttons say "Grant IMEI number" and "Don't grant IMEI number". > > HA, that's hilarious. can you imagine a profit-maximising company > such as google, apple or palm/hp coming up with something like this? > *sotto voice* "oo noo, mr deevelupurr, we couldn't possibly do > something like actually tell people they could be tracked, it might > scare away the customer and that would hurt our profits". > > remember though that you'll have to make those dialog buttons be > "Give away IMEI number and be tracked for as long as you shall live" > and "Don't grant IMEI number and be denied the use of this wonderful > free addictive application which aalllll of your peers have been > pressurised into installing" :) > > *cough* sorry cynical of me. >
Regardless of the prompts and dialogs chosen it's critical -- for both devs and laymen -- to be able to able to get quick access to a detailed list of capability grants for any given application from the application itself. And not just for b2g and mobile -- it should be right there with view-source, fundamental to gecko. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security