Skip to content

Commit

Permalink
Denying consent is better if undetectable as such (#476)
Browse files Browse the repository at this point in the history
* Denying consent is better if undetectable as such

This is not a full generalization of the concepts that discussed in #470 and #475, but I think that it suffices.

Closes #475.

* Link feature detection to consent

This is based on @dbaron's excellent feedback.  However, I took an extra
step with the last sentence here, which I'm not committed to.  There's
an argument to be had that anything like this probably shouldn't be part
of the web platform.

Now, with the controversy established, go!

* Typu

* can-be

Co-authored-by: Amy Guy <[email protected]>

---------

Co-authored-by: Amy Guy <[email protected]>
  • Loading branch information
martinthomson and rhiaro authored Jun 3, 2024
1 parent ca6bfaf commit 7ed4eb0
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,11 @@ of a new feature must justify the additional burden on users
to decide whether to grant permission for each feature
whenever it's requested by a Web page.

Refusal is most effective if the site cannot
distinguish refusal from other, common situations.
This can make it more difficult for a site to
pressure users to grant consent.

<p class="example">
For example,
the [Geolocation API](https://www.w3.org/TR/geolocation-API/)
Expand Down Expand Up @@ -558,11 +563,19 @@ in the language where it's used
In some cases, it may **not** be appropriate to allow feature detection.
Whether the feature should be detectable or not
should be based on the <a href="#priority-of-constituencies">user need</a>
for the feature:
if there is a user need or design principle which would fail
for the feature.
If there is a user need or design principle which would fail
if feature detection were available for the feature,
then you should not support feature detection.

Detecting the availability of a feature does not imply
detecting whether <a href="#consent">consent</a> to use the feature
has been granted.
Generally, detecting whether the feature is implemented
can be done separately from determining whether use of the feature has been authorized.
In some cases, it might be necessary to disable feature detection
in order to enable denying requests to use the feature.

Also, if a feature is generally not exposed to developers,
it is not appropriate to support feature detection.
For example, private browsing mode is a concept
Expand All @@ -576,6 +589,7 @@ See also:
* [[#do-not-expose-use-of-private-browsing-mode]]
* [[#do-not-expose-use-of-assistive-tech]]
* [[#secure-context]]
* [[#consent]]

<h3 id="secure-context">Consider limiting new features to secure contexts</h3>

Expand Down

0 comments on commit 7ed4eb0

Please sign in to comment.