El 07/09/12 13:14, Guillermo López escribió: 2012/9/6 ptheriault <[email protected]<mailto:[email protected]>> I was concerned that Push Notifications may have a privacy impact, and a user might want to make a choice not to enable them. Apart from anything, Push notifications disclose to the carrier that the user has installed a specific app. Implicit permissions & a setting to enable/disable push notifications might suffice though to begin with, especially if this UI showed you which applications were registered to send & receive push APIs.
Hi! Yes, they disclose to the server a pair of PbK and WAtoken. The WAtoken could be unique or shared, but the PbK should be the same for each installation of the app. So, yes, we know which users share the same PbK (that could eventually be mapped to a app). I want to add: the Push server only moves raw data from one side to another, so if the app wants to encrypt the data end-to-end is perfectly allowed (and recomended) so on the server you only can see crypto data... so no privacy user data is exposed. Also, on our side of course, the server will be on a controlled CPD with all the privacy and security required by law to this kind of servers. I totally agree (and I think that Thinker's patch has this) that we _must_ ask the user to allow push notifications, but maybe he does not know what that means. (and also: "Yes", "Not now", "Never"). And I was talking with FernandoR that we should have a good UI to show the mapping of app<->URL to list every app that has a push URL, and add a method to revoke them (it's mostly implemented in our server, we need to test it). Yes, it has been implemented this week so would be fantastic to have a way on gaia settings to revoke push permissions to one app. Cheers, -- Guillermo López [willyaranda]. Mozilla Reps Mentor. http://mozilla-hispano.org http://twitter.com/mozilla_hispano http://facebook.com/mozillahispano Certified Mozillian: https://mozillians.org/willyaranda ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
