Intent to Prototype: Selective Permissions Intervention

44 views

Skip to first unread message

Josh Karlin

unread,

10:04 AM (3 hours ago) 10:04 AM

to blink-dev, Alex Cone, Sathish Manickam

Contact emails

jka...@chromium.org, alex...@google.com, skman...@google.com,

Explainer

https://github.com/explainers-by-googlers/selective-permissions-intervention

Specification

https://github.com/w3c/webappsec-permissions-policy/pull/572

Summary

When a user grants a website permission to access a powerful API like their precise geolocation, microphone, camera, screen, or clipboard contents, their consent is intended for the site, not necessarily to every third-party script running on the page. In particular, embedded ad scripts can currently leverage the page's permission to opportunistically access this sensitive data. The user may not be aware that advertising entities are accessing their information. This intervention aims to better align a granted permission with user intent by preventing ad script in a context with API permission from using it, reinforcing user trust and control over their data.

Blink component

Blink

Web Feature ID

3755

Requires code in //chrome?

True

Launch bug

https://launch.corp.google.com/launch/4438786

Estimated milestones

No milestones specified

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5138246835240960?gate=5082118592004096

Reply all

Reply to author

Forward

0 new messages