Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Too many notices/permissions/consents #25

Open
benjaminwright1 opened this issue May 2, 2019 · 5 comments
Open

Too many notices/permissions/consents #25

benjaminwright1 opened this issue May 2, 2019 · 5 comments

Comments

@benjaminwright1
Copy link

One way to reduce the number of annoying consents and notices would be to deliver a general statement: "Watch out. This technology is new. It may handle privacy and security in ways that you do not expect. You should educate yourself about how this technology works and its strengths and weaknesses."
@avadacatavra
Copy link

We're currently working on figuring out the best way to approach permissions on the immersive web. Until then, the best way to respect users' rights and consent is to maintain permissions as they're found elsewhere on the web.

We're definitely aware of the problems with permission fatigue. I've written a post about how Mozilla is approaching the permission problem.

Thanks for bringing this up and I'm happy to chat more if you're interested (dhosfelt@mozilla.com)

@benjaminwright1
Copy link
Author

@avadacatavra Thank you for pointing me to your excellent post. I just read it. I agree with it.

I suggest the concept of informed consent can be expanded. Here is an analogy. A bicycle is a very dangerous device. But for many users, as they mount the bike, they know from life experience what the dangers are. They provide informed consent to those dangers without having to click through notifications and consent buttons. Yet if they are ignorant about bicycles, it is common knowledge that they can easily access videos and other material that will teach them about dangers and safety.

I am suggesting similar philosophy can often be applied to informed consent in the diverse and rapidly evolving world of AR/MR.

@johnpallett
Copy link
Contributor

I think this is already addressed as a consideration in the explainer, can you review and suggest things you'd add or change?

@benjaminwright1
Copy link
Author

@johnpallett Here's my thinking. AR/MR is a beautifully rich technology. It is evolving and will evolve. We cannot fully anticipate all of the sensors, functions and use cases.

As the Explainer recognizes, there are risks, dangers, downsides. We cannot fully anticipate all of those problems. As one way to address these problems, the Explainer discusses permissions. Permissions (the focus of early discussion above) can be helpful.

But at the beginning of this thread (#25), I offered a different idea by way of this sample language: "Watch out. This technology is new. It may handle privacy and security in ways that you do not expect. You should educate yourself about how this technology works and its strengths and weaknesses." I don't think of this language as a permission. Instead, it is like a sign at a swimming hole: "Swim at your own risk." In other words, if you jump in this water, without knowing how to swim, you are at risk. If you don't know how to swim, go get lessons.

To use the language of the Explainer, what I am offering is a "mitigation" that addresses all of the security and privacy "considerations" raised in the Explainer.

I do not see how my offered language is already addressed as a consideration in the Explainer as currently written.

So ... my idea might be expressed as a new section at the end of the Explainer:

"General Notice as Mitigation

"All of the privacy and security considerations raised in this Explainer might be mitigated with a general notice like this: 'Watch out. This technology is new. It may handle privacy and security in ways that you do not expect. You should educate yourself about how this technology works and its strengths and weaknesses.'

"This general notice emphasizes the responsibility of users to educate themselves. It implies that technology developers and providers have a responsibility to disclose how their technology works and to provide education. This general notice might reduce the need for other notices, permissions and consents."

What do you think?

@blairmacintyre
Copy link

I think what @avadacatavra and @johnpallett are dancing around is that offering a "watch out, it's dangerous out there!" warning to users has zero chance of passing muster with the security/privacy teams on the browser projects.

The web has been successful precisely because it doesn't take that approach: browsers take an active hand in preventing, whenever possible, the leaking of private information.

So, I don't think "reduce notices/premissions/consents by not asking for any, and telling the users the technology is dangerous" is a viable option.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@blairmacintyre @avadacatavra @johnpallett @benjaminwright1