On May 24, 2012, at 7:56 PM, Adrienne Porter Felt wrote: > > Malware is going to use other forms of social engineering anyway. Non- > malware won't lie because of the fear of ramifications. Why not > include it for untrusted as well? You could design the UI with big > quotes around it or something to make it clear that it is something > the developer says, not something the browser/OS says.
Sure, but I'm more comfortable if users get phished the old fashioned way; less so if we enable new and improved ways of doing so. :) I'm not sure if your example would be accurately interpreted by most users. If the prompt said something like "This developer claims they want to access your <insert API here> for the supposed purposes of <insert rationale here>, but have no idea what they'll actually do with it" would it still be worth having? Lucas. _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
