WICG / background-fetch

API proposal for background downloading/uploading
https://wicg.github.io/background-fetch/
Apache License 2.0

should there be something to remedy the ability to create potentially-scary notifications? #90

Open dbaron opened 6 years ago

dbaron commented 6 years ago

We got here from w3ctag/design-reviews#279, looking at this in a breakout within the TAG meeting.

One thing I noticed is that this seems, on some platforms, to add the ability to create a system-level notification with arbitrary text in it, and doesn't immediately appear to be gated on notification permission. This creates a risk of a site creating a background fetch called "Wiping your phone in 5 minutes unless you send [x] bitcoins to [addr]." or similar.

This actually occurred to me when I was looking at the explainer and noticing that its suggestions around title were partly something that could be provided by the implementation:

> such as "Uploading 'Holiday in Rome'" or "Downloading 'Catastrophe season 2 episode 1'".

in that if the implementation could provide the "Uploading" or "Downloading" part of the text rather than the caller then that would make this a little bit less powerful.

Alternatively, @slightlyoff pointed out that this ability could be gated by the notification permission. (Or maybe it only should be on those platforms where the download/upload progress indicators could be confused with notifications.) (The spec currently suggests not making background fetch gated up-front by a permission.)

There are probably a bunch of other options here. But this may be worth thinking about.

jakearchibald commented 6 years ago

I agree this is worth thinking about.

My current thinking is that "browsers allow downloads to start automatically already, so why is this different?"

Example: https://auto-large-download-test.glitch.me/

The above page starts a large download automatically (in Chrome and Firefox anyway) and manifests as a notification. I can set the "title" to anything I want via the file name.

Being able to set an icon is new. Being able to listen to clicks on the notification is new. Being able to start downloads in the background (e.g. from a push message) is new.

The spec allows the download to start "paused", and the UA may present this however they want. If the fetch is started in the background, I'd recommend UAs start paused, and perhaps allow the user to opt into auto-accepting downloads from this origin.

jakearchibald commented 6 years ago

There's some discussion on whether there should be a specific permission here, rather than just starting downloads in a "paused" state https://github.com/WICG/background-fetch/issues/87.

dbaron commented 6 years ago

> My current thinking is that "browsers allow downloads to start automatically already, so why is this different?"

My thinking on how this was different is that with what we have today, the browser would have "Downloading" as part of the notification, which substantially reduces the ability to create misleading notifications.

jakearchibald commented 6 years ago

This isn't the case in Firefox.

[Image: screenshot_20181031-091209]

The browser is free to put "Downloading" in the notification in both cases.

I think the main difference is the developer can control what happens when the notification is clicked in the case of background fetch.
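
The mitigation discussed in this thread, where the implementation rather than the caller supplies the "Uploading"/"Downloading" wording, sketched as an added example; it is not taken from the Background Fetch spec or from any browser's code. The function names, the 40-character cap, the label layout and the sample inputs are assumptions made for illustration.

```javascript
// Hypothetical UA-side label composition (illustrative, not spec text).
const MAX_TITLE_CHARS = 40; // assumed display budget for caller-supplied text

// Replace control characters, bidi marks/overrides and line separators so a
// caller-supplied title cannot add lines or visually reorder the label.
function sanitizeTitle(raw) {
  return String(raw)
    .replace(/[\u0000-\u001F\u007F-\u009F\u200E\u200F\u202A-\u202E\u2066-\u2069\u2028\u2029]/g, ' ')
    .replace(/\s+/g, ' ')
    .trim();
}

// Truncate by code point so surrogate pairs are never split.
function truncate(text, max) {
  const chars = Array.from(text);
  return chars.length <= max ? text : chars.slice(0, max - 1).join('') + '…';
}

// The heading is built only from UA-controlled words plus the origin's host.
// The caller's title appears only in the body, quoted and length-limited.
function composeFetchLabel({ direction, origin, developerTitle }) {
  const isUpload = direction === 'upload';
  const host = new URL(origin).host;
  const title = truncate(sanitizeTitle(developerTitle), MAX_TITLE_CHARS);
  return {
    heading: isUpload ? `Uploading to ${host}` : `Downloading from ${host}`,
    body: title ? `'${title}'` : '(untitled)',
  };
}

// Constructed sample input: the misleading title quoted in the first comment.
const sample = composeFetchLabel({
  direction: 'download',
  origin: 'https://example.com',
  developerTitle: 'Wiping your phone in 5 minutes unless you send [x] bitcoins to [addr].',
});
console.log(sample.heading); // UA-controlled line
console.log(sample.body);    // quoted, truncated caller text
```
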