On Mon, Jul 2, 2012 at 3:36 PM, Lucas Adamski <[email protected]> wrote: > On Jun 30, 2012, at 1:52 AM, Sid Stamm wrote: > >> Hi All, >> I updated the security model wiki page to reflect the things we talked >> about in the late-May thread. The changes were pretty minor since, as a >> few people pointed out, the underpinnings of the privacy updates were >> already considered in the model! Here's a diff: >> >> https://wiki.mozilla.org/index.php?title=Apps/Security&diff=446856&oldid=441197 >> >> There are still a few open issues that I think we can easily iron out. >> >> 1. For untrusted apps, should we show data usage intentions (rationale) >> as permissions are requested? These strings are not reviewed by an app >> store, but as Adrienne pointed out, the value may outweigh the risk of >> deception. > > I think our permission UI should be trustworthy, which means the user should > be able to rely upon the information it presents. This falls far short of > that.
I am also not a fan of this proposal. One option might be to put a link there that says something like "The developer of the application has provided a description of why they want this permission. Click here to see that description". When clicked we would replace the whole UI with something that shows the description as well as a 'back' button. That way the displayed UI is can be trusted, but if the user takes an explicit, and fairly clear, action, they can see the description. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
