Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm surprised to learn that a web site doesn't need to ask for your permission to access the Vibrate API. I think there must be a warning screen with the list of permissions the web site wants, like the ones we're getting when installing apps from app stores but with a twist so you can disable individual permissions for a web site.


In Firefox right-click a page -> Page Info -> Permissions.

Some APIs are allowed by default and some aren't. For the discussion about Vibration, see: https://wiki.mozilla.org/WebAPI/Security/Vibration


You can't do this on a phone however as far as I know. The vibrate API is build for mobile devices.


Firefox OS phones already have support for this and yes, the phone vibrates without asking permissions.

Personally I don't see this as a big problem at all.


I was replying to the question about getting a list of permissions a page uses/wants.

Neither Vibrate nor WebAudio require permissions from the webpage. Like basic JavaScript they always run. They're not security/privacy risks per se, just something that, like so many other things, could be used to support a phishing attack.


I don't understand this statement. A phone is a mobile device.


And, on mobile Firefox, there's no way to see the permissions of a page. Certainly no that I can see of FF for Android.


Firefox for Android developer here, you can long-tap on the location bar while on the page and select 'Edit Site Settings'. Is that what you're looking for?


That is only used if the API requires user confirmation. So things like geolocation, camera, and microphone access will be shown. Adding the feature from desktop should be a bug already. If not then we should file one.


Just says "There are no settings to clear." So no way to disable vibrate or autoplaying audio.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: