Notes from W3C Workshop on Permissions and User Consent

W3C Workshop on Permissions and User Consent

September 26, 27, San Diego

The problems with web permissions – W3C User consent and permissions working group

Much of the value of the internet is based on user trust of the internet. As this trust is broken, the internet is devalued.

The overload of permission requests is causing fatigue and reducing the trust. People are becoming fatigued to cookie reminders and popups and leading to blindly clicking on acceptance.

Loading a permissions request as soon as the page loads doesn’t allow the user to trust the site, what does it represent, and why they should allow the service.

Confusing wording, especially for nefarious purposes
“uncheck here to continue to not receive notifications”

Bundled, implied, inherited permissions. You accept a master permission request without knowing it has a set of sub-permissions.

Blocking content until permissions are granted is keeping users from gaining trust and understanding the value of the site. Tumbler has a full page takeover

Conversation points
(audience includes browser manufacturers, publishers, academia, and W3C leaders)

  • What is required by law? some of the complexity is part of the legal requirements
  • Disagree with sharing data, data still shared
  • Context – what is actually inferred in the data sharing, for instance geolocation providing home location
  • Can consent be withdrawn easily
  • Are users really informed, too complex
  • Permissions process should also follow WCAG accessibility guidelines
  • Trust is gone, people already assume the system is corrupt.
  • Signal/noise – confuse user into consent
  • Understanding a company’s use of data is overwhelming from the inside, due to fragmentation in development process. So how do you legitimately declare your data usage?
  • Sensors that don’t require permissions can be used for fingerprinting.  what should we be prompting for and are there any backwards permissions that need to be adopted.
  • Users throw up their hands. with so many permissions and sensors being used, people may give up from frustration.  fatigue or fatalism
  • Do not track included transparent information, such as privacy policy location, opt out process, etc.
  • Should settings for what you give consent be in the browser or in the web site.
  • Readable language may make it easier to read, but it doesn’t mean that it is providing a full grasp of what the permissions are allowing, such as cameras accessing private details that go beyond a selfie or light/color detection (expected use)
  • Problem is with premise: we need to obtain permission to do these things. Do we need to have them at all? Should browsers be sharing this in the first place? Apple’s storage access API turns off the function. someone that allows this is open to abuse. So, the prompt is at the device level, not the web. What features do we believe the web platform needs? Should there be a baseline for what browsers do not share.
  • We can build an API that restricts access, but people could realize they didn’t ask for permission, so they use a polyfill that uses a previously consented API to pull in additional information. Such as using the camera app to determine location or sound.
  • Good example: input type file, drag and drop… these are implicitly given permission via the platform.
  • The browser should be handling the permissions model.
  • There are three actors:
    • The perfect actor
    • The absolute devil
    • Everyone else. People that provide a useful service, but also want as much data as possible to earn a profit.  It’s not that they want as much data, they may be forced to get that much data within the advertising industry.  Publishers would prefer browsers stop this.
  • Advertising is the center of most data abuse. Advertising industry is requiring this data and forcing sites to abuse the process. Brave is an example of a browser that is not allowing third party data exchange.
  • The internet has grown quickly via organized chaos. Business models are built on this, not all is for abusing the system. But we shouldn’t allow this to prevent the next generation of applications.
  • should the web give access to sensors and devices? in the term of IoT? How do we allow the web of things while providing privacy, such as discovering other devices? Some devices may not have a display and permissions are asked via secondary interfaces.
  • There’s still a difficulty of understanding the downstream information from a single page
  • Who owns this problem?
    • web platform
    • publisher
    • government/laws.
    • All of these move at different speeds
  • The web is inherently casual. There is value in having a distinction between applications and the web. The act of installing software was important. This doesn’t exist in visiting a web site.

Continue reading “Notes from W3C Workshop on Permissions and User Consent”

Fix Copy/Paste on your Mac

I’ve been having recurring issues with my MacBook Pro not allowing me to copy/paste. It’s especially frustrating with code samples that you don’t want to re-type. This article by OSX Daily has great advice on fixing this issue: Copy Paste Not Working on Mac? Here’s How to Fix a Stuck Clipboard

Reset your clipboard via Terminal

This is the easiest method to fix this issue.

If you prefer to use the Terminal to remedy the problem, do the following:

  1. Open the Terminal application, found in /Applications/Utilities/
  2. Type the following command exactly:

    killall pboard

  3. Hit Return
    1. This will terminate and relaunch the pboard process, which is the clipboard daemon for Mac OS. If you’re savvy with the command line you can immediate test if the clipboard is working as expected with pbcopy and pbpaste, the command line tools that work with the clipboard on the Mac.

      Copy Paste Not Working on Mac? Here’s How to Fix a Stuck Clipboard

Bookmarklet for highlighting images that lack alt attributes

The following bookmarklet will highlight images lacking alt attributes by turning them grey.
!Alt Images

To use this, drag the link to your bookmark toolbar. Go to your favorite inaccessible page and press the bookmarklet. It will instantly turn images without alt attributes grey. Images with empty alt text will became 50% opacity.

Credit to @jdjuan

Google IO 2018 Notes: Keynote

Google AI is opening centers around the globe. Last year they began studying retinopathy in India. The AI systems are finding additional information from eye scans, such as cardiovascular risks.

They are also using AI to predict medical events. 76% success in predicting short term regression

Continue reading “Google IO 2018 Notes: Keynote”

Google IO 2018 notes: How applications of neuroscience are improving accessibility


Learn from extraordinary people working to advance accessibility through innovation. Acclaimed neuroscientist David Eagleman is translating and feeding data through the skin using wearable tech. Haben Girma has refused to let the fact that she is deafblind limit her and believes that inclusion is a choice. Jyotsna Kaki lost her sight as a young adult and is now an Accessibility Testing Program Manager at Google. All are dedicated advocates for accessible technology.

90 talks on neuroscience at Ted Talks

Continue reading “Google IO 2018 notes: How applications of neuroscience are improving accessibility”