Hi,
I've been stewing over this for a while (and obviously have not come to a satisfactory solution) and the recent bad press about pseudo-privacy issues in various consumer devices ("D'uh... didn't you *think* this was happening??") just makes it more pressing.
I have a "well connected" device that supports third party applications. As such, iPhones, etc. are good parallels to consider.
I have *mechanisms* to protect damn near everything imaginable on the device (in terms of data). I.e., an application doesn't even *know* that "invisible" (to it) data even exists -- let alone its actual content!
Unless, of course, that is "well known" data (e.g., something that an application can pretty much *expect* to exist on the device... like your PHONE NUMBER on an iPhone, etc.).
With mechanisms in place, I figured I could defer thinking about how to actually *use* them! :-(
Previously, I had assumed the user could just deliberately "publish" those items that he/she wanted to share (by setting appropriate ACLs for specific *applications* -- each app runs as its own UID).
But, it seems like people aren't very vigilant about what they "allow" access to. I.e., "Frajistat9000 wants to examine your contact list. Press YES to add Frajistat9000 to the list of applications allowed access to this list." would tend to be regarded (by many) as a nuisance prompt -- "YES, just give it the damn contact list and let me get on with my work!"
In keeping with the philosophy of providing mechanism, not policy, I'm looking for ideas as to how I can adjust the bias on this sort of "access granting".
E.g., I can be hard-nosed and just *block* access to protected resources and *crash* the offending application (so the application can't easily *test* to see if it has access and prompt the user *for* that access if it doesn't have it already). This would require the user to explicitly and deliberately set up these ACLs when installing the application (which could be seen as an even *bigger* nuisance than the above). Or, I can take the "nuisance" approach above.
Or... ?
[Note my goal here is to err on the side of discouraging sharing while not being too much of a nuisance in the process]

Thx,
--don
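A small model of the mechanism described in the post (per-app UIDs, per-item ACLs, data that is invisible rather than merely refused) with the two access-granting policies it weighs, the first-use prompt and the hard block that terminates the app. This is an added example written for this page, not the poster's code; the class and method names, the UID numbers and the `ask_user` callback are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class DenyPolicy(Enum):
    PROMPT = "prompt"        # ask the user to grant access on first use (the "nuisance" prompt)
    TERMINATE = "terminate"  # refuse and kill the app, so it cannot probe for what exists


class AppTerminated(Exception):
    """Stands in for the process being killed by the platform."""


@dataclass
class ProtectedStore:
    policy: DenyPolicy = DenyPolicy.TERMINATE
    well_known: set = field(default_factory=set)  # items every app may expect, e.g. the phone number
    _items: dict = field(default_factory=dict)    # name -> (value, set of UIDs on its ACL)
    audit: list = field(default_factory=list)     # (uid, name, outcome) for the device owner to review

    def add(self, name, value, acl=()):
        self._items[name] = (value, set(acl))

    def grant(self, name, uid):
        self._items[name][1].add(uid)

    def _allowed(self, name, uid):
        entry = self._items.get(name)
        return entry is not None and (name in self.well_known or uid in entry[1])

    def listing(self, uid):
        """Names visible to the app running as `uid`; items it may not read are simply absent."""
        return sorted(n for n in self._items if self._allowed(n, uid))

    def read(self, name, uid, ask_user=lambda name, uid: False):
        if self._allowed(name, uid):
            return self._items[name][0]
        # A protected item the app lacks rights to and an item that does not exist take the
        # same path, so the app cannot use the failure mode to learn what the device holds.
        if self.policy is DenyPolicy.TERMINATE:
            self.audit.append((uid, name, "terminated"))
            raise AppTerminated(f"uid {uid} touched {name!r}")
        # PROMPT: only a real item is worth asking about; a refusal looks like "no such item".
        if name in self._items and ask_user(name, uid):
            self.grant(name, uid)
            self.audit.append((uid, name, "granted"))
            return self._items[name][0]
        self.audit.append((uid, name, "denied"))
        raise KeyError(name)
```

The audit list is the piece the post does not mention: whichever policy is chosen, recording every refused touch gives the owner a way to spot an app that keeps fishing for data it was never shown.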