Users increasingly encounter moments when a website asks for permission to gather some personal data or access to their device hardware: "Can we access your GPS position? Your microphone or camera? Your Bluetooth? Can we send you push notifications about breaking news or premium chocolate subscription offers?"
Permissions, as these asks are known, give the web exciting powers. Already around a dozen browser features range from tapping low-level hardware and software functions like the clipboard to the increasingly persistent ability of sites to access files on a user’s disk. More are soon to come. But with great power comes more security and privacy risks. At this point, there are few viable alternatives for websites to manage access in any way other than asking users, and assuming they understand the risks involved.
WIRED OPINION
ABOUT
Dr. Lukasz Olejnik (@lukOlejnik) is an independent security and privacy researcher and advisor, W3C Technical Architecture Group member, and research associate at the Center for Technology and Global Affairs at Oxford University.
These permissions are typically very easy for users to manage. When the user grants a permission, the browser often memorizes it and never asks again, for better or for worse. It's known that users are prone to fatigue from
Support the originator by clicking the read the rest link below.
