immersive-web / privacy-and-security

Cross specification concerns and suggestions for privacy and security for the immersive web (Feature lead: Mounir Lamouri)

Too many notices/permissions/consents #25

Open benjaminwright1 opened 5 years ago

benjaminwright1 commented 5 years ago

One way to reduce the number of annoying consents and notices would be to deliver a general statement: "Watch out. This technology is new. It may handle privacy and security in ways that you do not expect. You should educate yourself about how this technology works and its strengths and weaknesses."

avadacatavra commented 5 years ago

We're currently working on figuring out the best way to approach permissions on the immersive web. Until then, the best way to respect users' rights and consent is to maintain permissions as they're found elsewhere on the web.

We're definitely aware of the problems with permission fatigue. I've written a post about how Mozilla is approaching the permission problem.

Thanks for bringing this up and I'm happy to chat more if you're interested (dhosfelt@mozilla.com)

benjaminwright1 commented 5 years ago

@avadacatavra Thank you for pointing me to your excellent post. I just read it. I agree with it.

I suggest the concept of informed consent can be expanded. Here is an analogy. A bicycle is a very dangerous device. But for many users, as they mount the bike, they know from life experience what the dangers are. They provide informed consent to those dangers without having to click through notifications and consent buttons. Yet if they are ignorant about bicycles, it is common knowledge that they can easily access videos and other material that will teach them about dangers and safety.

I am suggesting a similar philosophy can often be applied to informed consent in the diverse and rapidly evolving world of AR/MR.

johnpallett commented 5 years ago

I think this is already addressed as a consideration in the explainer, can you review and suggest things you'd add or change?

benjaminwright1 commented 5 years ago

@johnpallett Here's my thinking. AR/MR is a beautifully rich technology. It is evolving and will evolve. We cannot fully anticipate all of the sensors, functions and use cases.

As the Explainer recognizes, there are risks, dangers, downsides. We cannot fully anticipate all of those problems. As one way to address these problems, the Explainer discusses permissions. Permissions (the focus of early discussion above) can be helpful.

But at the beginning of this thread (#25), I offered a different idea by way of this sample language: "Watch out. This technology is new. It may handle privacy and security in ways that you do not expect. You should educate yourself about how this technology works and its strengths and weaknesses." I don't think of this language as a permission. Instead, it is like a sign at a swimming hole: "Swim at your own risk." In other words, if you jump in this water, without knowing how to swim, you are at risk. If you don't know how to swim, go get lessons.

To use the language of the Explainer, what I am offering is a "mitigation" that addresses all of the security and privacy "considerations" raised in the Explainer.

I do not see how my offered language is already addressed as a consideration in the Explainer as currently written.

So ... my idea might be expressed as a new section at the end of the Explainer:

"General Notice as Mitigation

"All of the privacy and security considerations raised in this Explainer might be mitigated with a general notice like this: 'Watch out. This technology is new. It may handle privacy and security in ways that you do not expect. You should educate yourself about how this technology works and its strengths and weaknesses.'

"This general notice emphasizes the responsibility of users to educate themselves. It implies that technology developers and providers have a responsibility to disclose how their technology works and to provide education. This general notice might reduce the need for other notices, permissions and consents."

What do you think?

blairmacintyre commented 5 years ago

I think what @avadacatavra and @johnpallett are dancing around is that offering a "watch out, it's dangerous out there!" warning to users has zero chance of passing muster with the security/privacy teams on the browser projects.

The web has been successful precisely because it doesn't take that approach: browsers take an active hand in preventing, whenever possible, the leaking of private information.

So, I don't think "reduce notices/permissions/consents by not asking for any, and telling the users the technology is dangerous" is a viable option.