seanh
commented
8 years ago Do you think that, as well as having this settings screen, we should also ask for each permission the first time we use it?
- The first time the user loads any page in any tab with or without h activated after installing the extension, we ask for the "Read your history" permission so we can show the badge number.
- The first time the user actually activates h on a page, or maybe the first time they navigate a tab with h activated, then we'd pop up and ask for the "Read and change everything" permission so that we can keep Hypothesis active.
Whether the user says yes or no to these requests, it'd be nice if we could show a message letting them know they can change their mind in our settings page.
robertknight
This is a write up of an investigation into reducing the permissions required by the Chrome extension.
This is what we currently ask for on installation:
By contrast, this is what the user will see with the gradual-permissions prototype - and the "change your data on stage.hypothes.is" part is something that we could yet remove:
After installation, the user is able to annotate pages and view annotations as normal. Two pieces of functionality require additional permissions 1) showing the badge count and 2) keeping the extension active when navigating between pages.
The prototype adds a basic settings page to the extension which provides controls for additional features that require extra permissions:
Opting into the badge count, which we could do as part of an onboarding screen, will show a prompt asking to read the user's browsing history - but not read the pages they visit:
Opting into keeping the extension active, or any other feature which automatically activates Hypothesis on any pages, will show the most dramatic prompt for access to read all of the user's data: