You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Do we want to provide users choices for what data to share, and how the data can be used, in much granular level?
Several of current Solid apps have "all or none" approach for access requests, the app prompted me to grant the app permission to "Edit data", or the app wouldn't run. This is essentially the same as Today's smart-phone apps installation process, it would prompt users to acknowledge permissions to access "your contact", "your storage", "your camera", etc., if you don't agree, you cannot install this app. There is no other choice for users if they "need" this app, this is just to inform users what data will be shared.
Take a hypothetical app for movie recommendation, it requires read-access to a list of movies you watched and your friends list. So the app would recommend movies based on what you have watched, and also what your friends watched (so you and your friends will have common topic).
This example presents several questions:
Can a user get the app running, without granting permission to access friends list?
I don't want to share my friends list, just give me recommendation based on my past movie history.
When granting permission to access friends list, it is not clear how my data is going to be used?
I may not want the app to share all my movie list with all my friends, but by granting permission of accessing friends list, it allowed the app to do just that, the implication I may not realize.
So, if we address privacy concerns, we would have to give users choice on what to data to share or partial share; on this subject, users might not remember what data they have, a clear view of what data they have, and even allow users clear it out: https://myactivity.google.com/myactivity would be very helpful. As for how the data is going to be used, we should have a standardised specifications, this sometimes is more of the concerns than the shared data itself.
The text was updated successfully, but these errors were encountered:
Indeed, Solid currently has a resource-centric view (or document-centric, if you will) of access control, but it means that as a developer, you should be careful to split different data up in chunks, so that you would have one resource for a movie, one resource for a friend list, one resource (a container) for all the movies, etc. Then, you'd assign privileges to each of these resources. Again, it is very much up to the developer to design a good UX around that.
Do we want to provide users choices for what data to share, and how the data can be used, in much granular level?
Several of current Solid apps have "all or none" approach for access requests, the app prompted me to grant the app permission to "Edit data", or the app wouldn't run. This is essentially the same as Today's smart-phone apps installation process, it would prompt users to acknowledge permissions to access "your contact", "your storage", "your camera", etc., if you don't agree, you cannot install this app. There is no other choice for users if they "need" this app, this is just to inform users what data will be shared.
Take a hypothetical app for movie recommendation, it requires read-access to a list of movies you watched and your friends list. So the app would recommend movies based on what you have watched, and also what your friends watched (so you and your friends will have common topic).
This example presents several questions:
I don't want to share my friends list, just give me recommendation based on my past movie history.
I may not want the app to share all my movie list with all my friends, but by granting permission of accessing friends list, it allowed the app to do just that, the implication I may not realize.
So, if we address privacy concerns, we would have to give users choice on what to data to share or partial share; on this subject, users might not remember what data they have, a clear view of what data they have, and even allow users clear it out: https://myactivity.google.com/myactivity would be very helpful. As for how the data is going to be used, we should have a standardised specifications, this sometimes is more of the concerns than the shared data itself.
The text was updated successfully, but these errors were encountered: