Design Review #295

#295: User Activation v2

Visit on Github.

Opened Jul 26, 2018

Hello TAG:

I'm requesting a TAG review of:

Name: User Activation v2
Specification URL: https://github.com/whatwg/html/pull/3851
Explainer, Requirements Doc, or Example code: https://mustaqahmed.github.io/user-activation-v2/
Tests:
- Work in progress in html/user-activation/.
- Also tested through other API specific tests, particularly fullscreen/.
Primary contacts: @mustaqahmed

Further details (optional):

Relevant time constraints or deadlines: [please provide]
I have read and filled out the Self-Review Questionnare on Security and Privacy. The assessment is here.
I have reviewed the TAG's API Design Principles

You should also know that... [please tell us anything you think is relevant to this review]

We'd prefer the TAG provide feedback as (please select one):

open issues in our Github repo for each point of feedback
open a single issue in our Github repo for the entire review
leave review feedback as a comment in this issue and notify @mustaqahmed

Discussions

2018-09-25

Minutes

Hadley: awaiting external feedback.

David: I didnt get too far into 295. This is about trying to standardize user activation behavior which is different to what browser do today, but more close to what Edge does today. the one thing I was wondering is whether this is being used for more security/privacy minded things in contract to what it was designed for (annoyance prevention).

It seems pretty resonable to trying to standardize these, but if it touches security/privacy then we need to be more careful.

Alex: Chrome has two other use cases, muting media playback and unpausing iframes

David: None of these seems worrying from a privacy perspective

Alex: Let me look though the rest of our usages - we used it a lot

David: three groups of activations: ...

Dan: What do we think in terms of what we are being asked for? What should out response be

David: I am not perticularly concerned about anything here beyond the one question that I asked

Hadley: This is outside my area of expertise - I am converted that they spec author doesn't like creating a proper explainer. Spec author liked Web IDL better than plain English explainer -we are not convinced though.

I am concerned not just for us, for for anyone working with it - explainers are a useful part of the process

Alex: One of the use cases in blink is supressing permission requests in a lot of (i)frames the users hasnt used - annoyance mitigation

David: I understand why they want to do this is to simplify their code and improve interoperability and not necessarily a end user goal.

Hadley: Might be hard to artigulate

David: they could just say that

Dan: An explainer should start by "User should do that, developer should do this.." not "blah blah implementation details" - I think it is not high level enought

Dan: You should explain in plain language, what problem to solve, and use cases..

Hadley: I am missing the why, we are speculating about it as a group - not a good use of our time

Dan: Can someone sit down with Dave and help them write a few extra paragraphs

Alex: Sure I will handle this

Hadley: Everyone is busy and this is more cognitive load than necessary for us :)

Dan: Shall I bump this one, yeah, I should do that... don