On Thu, Jul 5, 2012 at 10:37 AM, Sid Stamm <[email protected]> wrote:

> On 07/03/2012 08:07 PM, Jonas Sicking wrote:
> >>> 1.  For untrusted apps, should we show data usage intentions (rationale)
> >>> as permissions are requested?  These strings are not reviewed by an app
> >>> store, but as Adrienne pointed out, the value may outweigh the risk of
> >>> deception.
> >>
> >> I think our permission UI should be trustworthy, which means the
> >> user should be able to rely upon the information it presents. This
> >> falls far short of that.
> >
> > I am also not a fan of this proposal.
> >
> > One option might be to put a link there that says something like "The
> > developer of the application has provided a description of why they
> > want this permission. Click here to see that description".
> >
> > When clicked we would replace the whole UI with something that shows
> > the description as well as a 'back' button.
> >
> > That way the displayed UI can be trusted, but if the user takes an
> > explicit, and fairly clear, action, they can see the description.
>
> Sounds like we need to treat trusted apps and untrusted apps differently
> regarding the usage intentions.
>
> I still think we should require (in the manifest) that the app developer
> put something as the usage intention, but we don't have to display it to
> users all the time, perhaps doing something like what you suggest here,
> Jonas.
>

I like the idea of having a "show more" button* that requires the user to
click on something to see the developer's reason.  It seems to meet all the
constraints, plus it avoids cluttering up the prompt with extra text.  It
might make sense to do this for both trusted and untrusted apps to avoid
confusing people as to why they sometimes have to click a button (and other
times don't).

It would be really interesting to initially instrument this so that you can
see how many people actually click on it, and whether people who click on
it are more or less likely to approve/deny the request.


*I'm not literally suggesting it should say "show more"
_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
