[whatwg] Proposal for a web application descriptor

timeless timeless at gmail.com
Thu May 5 00:30:34 PDT 2011

On Thu, May 5, 2011 at 9:13 AM, Charles McCathieNevile <chaals at opera.com> wrote:
> If I understand correctly, I disagree.


> I might trust a given entity
> sometimes, or with some kinds of information, without wanting to simply say
> "sure whatever you want".

And I'm still haunted by web sites which pester me to click on things
before allowing access to content. It's pretty clear that if we let
web sites hold users for ransom, they will (privacy be damned). So we
really should have a model of "privacy secured by default".

> That's probably for the "hard-to-use mode" in the
> UI, but I think it's legitimate.

I'm hoping it isn't that hard.

> In practice, even given something as simple
> as twitter's geolocation request I *sometimes* allow it to know where I am
> and sometimes don't.

I'm hoping we'll eventually move to a model where users are able to
provide default values for things, e.g. "If anyone asks [about
GeoPositioning], I'm in Paris" (I'm currently sick in HEL, but no one
needs to know that). Or "If anyone wants to see what's outside my
window [i.e. visible from my Camera], show them this picture I took
the last time I had sunlight" (In case my cave doesn't have any

When a site accesses this information, it should show the user the
information it accesses, and the user (being the one who selected the
information) will understand what it means, if the user wants to give
a different GPS, Picture, etc. to the application, the user would
trigger a site option, and say "allow twitter to see my current
Location <until I get distracted, for this session, until 2pm,

Someday I'll try to make a decent mock up of this, I think I'll
eventually publish something @ http://timeless.justdave.net/blog/182/
(no, that url isn't finished, it's only finished when I publish it in
my atom feed)

More information about the whatwg mailing list