Looking at the proposed permission UI, I would - as a programmer and heavy web user - have no real clue what to click/what the implications were. If it were Google - do I know and trust them? Well, sort of. I know them; I trust them in the same sense I don't trust a scammer.
Also: 30 day timeout? I'm getting pretty fed up of re-logging into websites already over the last couple of years. Add on re-allowing various permissions for access to various things (sometimes every single time), trying to figure out why websites are broken (ad-blocker vs browser blocker vs not cross-browser tested vs temporary problem vs just totally broken) and it's rather a big productivity drain.
30 day timeout? I'm getting pretty fed up of re-logging into websites already over the last couple of years.
Users having to log in to a website 12 times a year, or 13 times in a bad year, is a price worth paying to improve privacy and security across the internet.
I'm not sure why you'd think you should make a statement on behalf of everyone. If you are happy with this trade-off, you are free to make it.
The 30-day timeout is for Storage Access API - cookies expire much more often already.
As I said, there is an accumulation of productivity harms.
My claim is that the pro-privacy solutions are not good enough relative to the problems they cause (and their effect on improving privacy is also debatable).
I think the concept is good, I just think 30 days is too short. Make it 60 days and now we're talking 6 times per year, much more reasonable. Make it 90 days and I don't think anyone will notice.
This is going to affect every user of every website using federated auth. That's a lot of buttonclicking to add to the universe.
According to Firefox I have 217 saved logins in different websites.
Even if I only used a fifth of them once a month, I wouldn't want to re-login 521 times every year. This is a big UX decline for pretty much zero privacy gain.
I disagree. This is making a significant UX downgrade to a core workflow while making the tiniest blip on tracking. (Oh no! You lose cookies every 30 days)
Also: 30 day timeout? I'm getting pretty fed up of re-logging into websites already over the last couple of years. Add on re-allowing various permissions for access to various things (sometimes every single time), trying to figure out why websites are broken (ad-blocker vs browser blocker vs not cross-browser tested vs temporary problem vs just totally broken) and it's rather a big productivity drain.