This post has been transferred from spec: require user consent for apps to send data to the chat · Issue #33 · webxdc/webxdc_docs · GitHub
Something like “apps MUST NOT be allowed to send any data to the chat (sendUpdate()) unless the user has given explicit consent to that”. The prompt should also state that the app may share ANYTHING they do inside the app to the chat, so if they don’t trust the app, they better not allow it to send data, or not input anything sensitive there (that also makes me think if users should be warned about not putting sensitive stuff in the apps BEFORE they can launch it).
It’s because:
- Apps can potentially used for some fingerprinting. E.g. a stranger sends you an app, you open it and it immediately sends out info about your system to the stranger.
- Some users may put sensitive stuff inside the apps, not expecting the app to share that info with the chat (e.g. “type your social security number to know who you were in your past life”).
The more general idea behind all of this is to tell the users what they should expect from the apps. E.g. they would want to know that apps cannot communicate with the internet directly. Or that they already know it, and assume wrong things based on this (like that apps cannot communicate with the chat either).
TODO:
- specify how the consent must be given - like a global option for all apps, or per-app, only when they try to send data for the first time, or each time an app sends a message - with full contents of the message, or somethings else.