As it stands, users can only find out what applications do with their data if they go read a long privacy policy. Consequently, users likely assume that their data is only being used for the functionality that they see. For example, consider a game that asks for contacts in the context of finding friends who also use the same game. Without reading the long privacy policy, the user has little way of knowing that this app will now *also* add those contacts' e-mail addresses to their mailing list.
Now imagine that developers had to specify the rationale for their actions as part of the request. To continue my earlier example, the user would immediately know that the data would be used for both friend-finding and spam. Most developers are incentivized to be honest: if they are caught lying, they'll face civil suits, removal from "official" markets, bad press, and a decline in popularity. The odds of encountering outright malware are fairly small, but users routinely install applications that want to stretch the bounds of data usage. I'm personally in favor of designing for the much more common case. Here are some examples from the WWDC iOS 6 demo: http://twitpic.com/9yo9n4. On Tue, Jun 26, 2012 at 6:45 PM, Lucas Adamski <[email protected]> wrote: > On May 24, 2012, at 7:56 PM, Adrienne Porter Felt wrote: > >> Malware is going to use other forms of social engineering anyway. Non- > > malware won't lie because of the fear of ramifications. Why not > > include it for untrusted as well? You could design the UI with big > > quotes around it or something to make it clear that it is something > > the developer says, not something the browser/OS says. > > Sure, but I'm more comfortable if users get phished the old fashioned way; > less so if we enable new and improved ways of doing so. :) > > I'm not sure if your example would be accurately interpreted by most > users. If the prompt said something like "This developer claims they want > to access your <insert API here> for the supposed purposes of <insert > rationale here>, but have no idea what they'll actually do with it" would > it still be worth having? > Lucas. > > _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
