Web Permissions Are Broken

I spent this evening throwing together a simple site that uses the HTML5 Geolocation API. (Link here. Warning: politics!) The API enables the sort of services that feel magical. In this case, it took just a little Javascript to retrieve and display contact information for a user’s Congressional representatives based on location. (The awesome Congress API from Sunlight Labs helped too). In an earlier experiment, I used webcam access with getUserMedia() and feature detection to make a scavenger hunt clue accessible only by holding up a special image in front of the camera.

But before the giddy magic of HTML5 come terrifying requests from the browser and a terrible user experience. Chrome “wants to use your location.” But for what? And how much does it know? Firefox asks if you’d “like to share your camera.” For how long? There’s no explanation of why or what the site wants to do with the data. The most likely questions for most users are met with only a chance to “Deny” or “Accept” an unknown contract. Perhaps this is a problem to be solved by explanations on the page itself, but the ability to provide a simple message would be a huge improvement, just by offering an explanation.

There’s an existing W3C draft on feature permissions, which punts the idea to web notifications. As users get used to fine-grained permissions on other devices, browsers will need to catch up.