You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Isn't this a larger principle? Namely where designs that depend on something from a user, where the user might reasonably deny that something, those designs should avoid leaking information about denial such that sites might retaliate in some way. Designs can help with that by making denial indistinguishable from other reasons that the something might not be available (like in this case, where the something might not even exist). If that is not possible, then it might be appropriate to manufacture some base rate of failure.
It might make sense to connect this with the section on feature detection which currently suggests that "not supported in browser" and "not available in insecure contexts" should always be detectable in the same way, but that "not supported because of device unavailability" should be detected differently. That doesn't currently mention denial of consent, but maybe it should in some way. (However, I'm not sure how -- it's not clear to me that there's an obvious answer.)
* Denying consent is better if undetectable as such
This is not a full generalization of the concepts that discussed in #470 and #475, but I think that it suffices.
Closes#475.
* Link feature detection to consent
This is based on @dbaron's excellent feedback. However, I took an extra
step with the last sentence here, which I'm not committed to. There's
an argument to be had that anything like this probably shouldn't be part
of the web platform.
Now, with the controversy established, go!
* Typu
* can-be
Co-authored-by: Amy Guy <[email protected]>
---------
Co-authored-by: Amy Guy <[email protected]>
Originally posted by @martinthomson in #470 (comment)
The text was updated successfully, but these errors were encountered: