Yea, it seems like site-specific permission settings are the way on this. The "Do you want to share your location with this website?" check seems to work fairly well. I think "Do you want to allow videos with sound to autoplay?" would too.
Already it seems that 75%+ of news sites ask me to show notifications, and the alerts alone asking for it are getting annoying.
I'd be even more upset if every site now had to ask for permission to do all kinds of things (Do you want to allow sound? Do you want to allow cookies? Do you want to allow video?)
I don't know the answer on how to deal with this stuff, but I don't think putting everything behind requests to the user is a good option (and clearly just allowing everything is a bad idea as well).
I agree. One way to ameliorate this problem is to only allow sites to even ask for permission to autoplay content with sound if the user has manually played a video a few times in the past.
More generally, you can set permission settings to be very conservative by default and not allow sites to bother the user with permissions until the user has interacted positively with the site several times in the past. Here, "positively" could be a fairly fuzzy rule of thumb depending on the global trustworthiness of the site and the sensitivity of the permissions requested.
Whatever the solution is, it should be consistent and easily knowable by the average user.
How would a website tell a user to enable auto-playing video for a website that they want it for (for example, how would youtube tell users to enable that)? How would the user even understand that this website won't work correctly for them but it works fine for their friends/family/other-browsers?
I've made a web-app that uses camera access, and the web audio API. Without either of them, the app is 100% useless, so locking those behind a permission that won't even show up until the user has been there for a while completely kills that app.
While I understand you are only talking about auto-playing video, the point still stands IMO. Trying to "guess" what the user wants is wrong when it comes to enabling/disabling features.
Your concerns are definitely valid, but note that every time the Chrome team chooses a browser default, or doesn't include a permission setting for every possible ability, they are guessing what the user wants. And these guesses will not be the same made by other browsers, so the user may still be confused why something works for their friends but not them. "Smart permissions" seem strictly better to me than allowing autoplay ads or no autoplay youtube, and reducing user frustration may just require ad-hoc tricks, e.g., filling the bank spot of a non-auto-played video with a permission dialog box. Likewise, using global trustworthiness information about a website could greatly improve guesses.
Make notifications and autoplaying vidoes OPT-IN. A site requests the feature, and a little icon pops up on the far right of the URL bar. The user has to know to click that button to allow notifications, or auto-playing, or other exploitable features like Javascript message popups.
Now, if they want people to use those features, they simply have to write a message on their website telling them how to click that button. "Want videos to autoplay? Click here!"
But the truth is, we all know what this is really about. It's not about features, and it's not about user experience. It's all about getting more money from advertisers by telling them you've got X more "impressions" from your users even if they're not real interactions with the ads.
It's a hard one to deal with. On the one hand, all these alerts can make people think about what they really want a site to be able to do. I mean, you're probably a bit less forgiving of a site using http if its marked as insecure and messages get shown when you type into a password field.
But at the same time... they also make people blind to them. Get too many alerts, and people will just ignore them. Will people just click yes if every site asks to use autoplaying videos?
> I don't know the answer on how to deal with this stuff.
It's not a question of technology or UI. If the same thing happened in your email inbox you would know the answer. Mark as spam. The only real solution is to stop visiting sites that make your life miserable (regardless of the medium). Most of the time they don't add a lot of value anyway and they don't link to sources so why are we even trying to fix them?
