The Web Platform exposes a number of powerful capabilities to websites. Some of them are gated behind permission prompts (notifications, geolocation, camera/mic, ...) and/or Permissions Policy; some are not.
User control over capabilities is currently mostly limited to permission prompts: there is a single moment in which the user needs to make a decision, often with insufficient information, context and understanding, and changing their mind later or postponing the decision is difficult. The user agent has no additional insight. There is no way for websites to explain, outside of the site content, why a capability is needed and how it is used. There is currently little or no way for users to control capabilities which are not behind a permission prompt.
We would like to investigate building a mechanism for pages to declare which "powerful capabilities" they want to use. Websites can include in declarations additional information about why, how and when they intend to use a capability. User agents can use those declarations to give users additional information about, and control over, those capabilities.
Declarations can:
- help user agents understand how and why capabilities are used,
- help user agents give users control over the capabilities used by a website,
- complement existing permission flows while improving user control for capabilities which are not behind a permission prompt,
- add friction against pages and embedded resources using powerful capabilities inadvertently.
The Web Push API is currently gated behind a permission prompt. But is there a good time to prompt for notifications? Do users have an understanding of what they are asked and can they make a meaningful decision? In fact, we know that the notification permission prompt is often abused. A lot of websites prompt on load. Other websites nudge the users to trigger a notification permission prompt with loud in-page elements/modals.
A declarative approach could help user agents build a different experience. Websites could advertise declaratively that they can/want to send notifications, providing additional information and context. We could do something similar to speculationrules:
<script type="permissiondeclaration">
{
  "capabilities": [
    {
      "type": "notifications",
      "service_worker": "/sw-push.js",
      "daily_volume": 3,
      "example_notification": <notification-data>,
      "purpose": "Receive notifications about incoming emails and chat messages",
      "settings": "/notification-settings.html"
    }
  ]
}
</script>
The browser could then surface a notification toggle to users in a control center, where additional information can be surfaced and inspected by the user. Instead of being interrupted by a permission prompt, users could turn notifications on and off whenever they wanted.
Once the declaration exists, the user agent could also stop showing permission prompts. This would get rid of the abuse (sites prompting on load) and maybe also of the annoyance (no reason for in-site pre-prompts anymore).
Declarations can also be useful for capabilities that are not currently gated behind a permission prompt (although they might become so in the future):
<script type="permissiondeclaration">
{
  "capabilities": [
    {
      "type": "webrtc",
      "purpose": "The page uses peer to peer connections for its video-conferencing functionality."
    },
    {
      "type": "local network access",
      "purpose": "The page manages your local awesome printer."
    },
    {
      "type": "persistent storage",
      "purpose": "The page persistently stores all the awesome documents you create on your computer.",
      "expected_usage": "1GB"
    }
  ],
  "privacy policy": "https://example.com/privacy-policy",
  "terms of service": "https://example.com/terms-of-service"
}
</script>
Note that different browsers can have different defaults for capabilities. For example, something can be enabled by default in one browser and disabled in another. Moreover, browsers can decide if and how prominently they want to show information and controls about the capabilities to the user.
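Since a declaration is site-supplied text that would end up in browser UI, here is an added sketch (not part of the proposal, which defines no validation rules) of how a user agent or site linter could parse one as untrusted input and fail closed. The function names, the allow-list of types, the same-origin rule for `service_worker` and `settings`, and the length cap are all assumptions.

```javascript
// Added example, not part of the proposal: every validation rule here is an assumption.
const KNOWN_TYPES = new Set(["notifications", "webrtc", "local network access", "persistent storage"]);
const URL_FIELDS = ["service_worker", "settings"]; // per-capability URL members used on this page
const MAX_PURPOSE = 200; // assumed cap on site-supplied text shown in browser UI

// Resolve a declared URL against the page; accept only same-origin http(s) targets.
function sameOriginUrl(value, pageUrl) {
  if (typeof value !== "string") return null;
  let url;
  try { url = new URL(value, pageUrl); } catch { return null; }
  const ok = /^https?:$/.test(url.protocol) && url.origin === new URL(pageUrl).origin;
  return ok ? url.href : null;
}

// Returns { capabilities, rejected }. Fails closed: malformed input declares nothing.
function parseDeclaration(text, pageUrl) {
  let doc;
  try { doc = JSON.parse(text); } catch { return { capabilities: [], rejected: ["invalid JSON"] }; }
  if (doc === null || typeof doc !== "object" || !Array.isArray(doc.capabilities)) {
    return { capabilities: [], rejected: ["missing capabilities array"] };
  }
  const seen = new Set();
  const out = { capabilities: [], rejected: [] };
  for (const cap of doc.capabilities) {
    const type = cap && typeof cap === "object" ? cap.type : undefined;
    if (!KNOWN_TYPES.has(type)) { out.rejected.push(`unknown type: ${String(type)}`); continue; }
    if (seen.has(type)) { out.rejected.push(`duplicate type: ${type}`); continue; }
    if (typeof cap.purpose !== "string" || !cap.purpose.trim()) { out.rejected.push(`${type}: missing purpose`); continue; }
    // Purpose is untrusted text: strip control characters and truncate before display.
    const entry = { type, purpose: cap.purpose.replace(/[\u0000-\u001f\u007f]/g, " ").slice(0, MAX_PURPOSE) };
    let ok = true;
    for (const field of URL_FIELDS) {
      if (!(field in cap)) continue;
      const href = sameOriginUrl(cap[field], pageUrl);
      if (href === null) { out.rejected.push(`${type}: ${field} is not same-origin`); ok = false; break; }
      entry[field] = href;
    }
    if (ok) { seen.add(type); out.capabilities.push(entry); }
  }
  return out;
}

// Constructed sample input, modelled on the declarations above.
const SAMPLE = JSON.stringify({ capabilities: [
  { type: "notifications", service_worker: "/sw-push.js", purpose: "Incoming emails", settings: "/notification-settings.html" },
  { type: "webrtc", purpose: "Video calls", settings: "https://other.example/settings" },
  { type: "clipboard", purpose: "Copy links" },
] });
```

Calling `parseDeclaration(SAMPLE, "https://mail.example/inbox")` accepts only the notifications entry; a declaration typed with curly quotes is rejected as invalid JSON and declares nothing.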
