Nice docs by @fugueish on service worker security considerations: https://sites.google.com/a/chromium.org/dev/Home/chromium-security/security-faq/service-worker-security-faq …
Replying to @fugueish @slightlylate and
Why? Not interested in helping Chromium development based on bad interactions with Chromium developers, unlike Android.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @fugueish and
Just trying to understand reasoning and what was or wasn't considered. Quite aware it's not going to get removed or crippled from how it is.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @fugueish and
Consider Android: do users believe they're giving up the ability for an app to ping servers when they allow notifications?
2 replies 0 retweets 0 likes -
Replying to @slightlylate @CopperheadOS and
And recall here that Android allows silent push notifications (which we do not).
1 reply 0 retweets 0 likes -
Replying to @slightlylate @fugueish and
Android has code signing and users explicitly install the apps.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @slightlylate and
And sure, understand the goal with these standards is to compete with native apps. Except the consent and signing model is not present...
2 replies 0 retweets 0 likes -
Replying to @CopperheadOS @fugueish and
Users explicitly opt-in to per-site notification permissions here. Nothing is implicit.
2 replies 0 retweets 0 likes -
Replying to @slightlylate @fugueish and
They consent to notifications, not to persistent background code execution, as I stated. There's also no ongoing consent to it like apps.
1 reply 0 retweets 0 likes
What is the delta in "ongoing consent"? If users tap into the "site settings" link on every push, they can remove push.