Privacy features in Touch (cyanogenmod)?

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jul 2 19:32:18 UTC 2013 

On 13-07-02 03:19 PM, Matthew Paul Thomas wrote:
> J Fernyhough wrote on 24/06/13 13:28:
> 
>> On 24 June 2013 13:13, Marc Deslauriers wrote:
>>>
>>> On 13-06-24 08:07 AM, Matthew Paul Thomas wrote:
>>>>
>>>> J Fernyhough wrote on 22/06/13 16:06:
>>>>
>>>>> On 22 June 2013 15:12, Matthew Paul Thomas
>>>>> <mpt at canonical.com>
>>>>>>
>>>>>> On Ubuntu, an app will request a privilege during runtime.
>>>>>> For example, a game might have a "find my friends who
>>>>>> already play this game" function, that accesses your
>>>>>> contacts. The game would work just fine if you don't use
>>>>>> this function. But if you do use it, Ubuntu would then --
>>>>>> and only then -- ask you if you want to grant the app
>>>>>> access to your contacts.
>>>>> ...
>>>>>
>>>>> This is excellent! One quick feature request: a "remember
>>>>> this choice" checkbox. ;)
>>>>
>>>> I don't understand. Why would Ubuntu forget the choice
>>>> otherwise?
>>>
>>> Because granting a permission may depend on the context?
>>>
>>> For example, I may want to allow a photo application to use my
>>> GPS to tag a picture when I'm in some public place, but not when
>>> I take a picture when I'm at home.
> 
> A photo app that triggered an OS prompt to grant access to your
> location, after every photo you took, would quickly become intolerable.

Yes, agreed. Now that I think about it, it would in fact be intolerable. It
seems to me I currently do this sort of thing though with my Android phone...but
I can't seem to recall what the exact context is. Perhaps I'm thinking of the
browser prompting for a GPS authorization for each different web page, but that
is different.

> 
> More viable would be a setting to use your location unless you are
> within X distance of an editable list of locations.
> 
> And that setting would likely be more findable -- and would therefore
> protect more people -- in the photo app itself, rather than in System
> Settings. It would certainly be explained more clearly, because the
> photo app would know what it is using the location data for, while the
> OS would not. For example, you might want the app to record the
> location of every photo for your own reference, but strip it out when
> posting the photo online, whether that happened moments or weeks later.
> 
> This illustrates my general understanding of the purpose of the
> permissions feature. It is primarily for protecting against
> overzealous app developers. It is not workable for trying to control
> an app's use of data once the app does have access. That can be done
> more practically, and more understandably, inside the app itself.

Yes, I agree.

>>> Granting a permission shouldn't mean I grant it forever, unless
>>> I decide it should be forever...having both "Just this once" and 
>>> "Always" buttons satisfies my use case.
>>>
>>> Marc.
> 
> I don't see how those two buttons would satisfy that use case. If you
> didn't want to be prompted after every photo you took, each day you
> would tap "Always" after taking your first photo away from home, and
> then ... what? Have a separate app that detects when you're returning
> home, and reminds you to go into System Settings for your nightly
> revocation of location access to the photo app? Sooner or later you'd
> forget.

Yes, it was a bad use case, and I can't think of a better one now.

Marc.

More information about the Ubuntu-devel-discuss mailing list