PEPC
PEPC
PEPC
Page Embedded Permission Control
ICE COLD ! DELICIOUS !
☀️
chrome permissions
☀️
User friendly!
Now with contextual integrity!
5.
¢
Page Embedded Permission
Control
example.com wants to
📍 Use your location
Block
Allow
example.com wants to
📍 Use your location
Block
Allow
example.com wants to
📍 Use your location
Block
Allow
On behalf of the
Google Chrome Permissions Team
Many slides cribbed design from sereeena@google.com
The user lacks the context of why a permission is being requested.
Poorly timed permission requests can interrupt the user .
Permission requests are often outside the user’s focus of attention.
Interaction design considerations are frequently overlooked during product design phases.
Recovering from a ‘block’ decision is hard.
User problems
An example
Another example
Alternatives explored
Oh, prompts are interruptive?
WAS NOT SHIPPED
Oh, risks are hard to explain?
SHIPPED!
Oh, there’s too many prompts?
Bilogrevic et al. ”Shhh...be quiet!” Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome. USENIX Security, 2021.
SHIPPED!
How web APIs work
“Developer-push”
∿∿∿ PROPOSAL ∿∿∿
The Permission Element is a new HTML element embedded into web content that allows users to initiate a permission request flow.
This reframes the current permission model from developer-push to user-pull, where we can be confident of users’ intention to use web capabilities.
∿∿∿ PROPOSAL ∿∿∿
∿∿∿ ADVANTAGES ∿∿∿
It is non-interruptive: it is static, small, and contained in the content area on the same z-level.
It is discoverable: it can be placed by the developer within the user's focus of attention.
It provides more contextual information: it has a visual manifestation as opposed to being a procedural API, requiring developers to think about integrating it into the user journey at UX design time.
It allows users to revert a previous "deny" decision if they have changed their mind and are now interested in the feature that the site provides.