-

Newer model iPhone mockup. At the top of the screen is a grid of contact pictures and the text “You have 579 contacts. Contact information includes names, emails, photos, phone numbers, addresses and more”. In the lower half of the screen, there is a <br />header “Get permission before sharing contact info” with the text “We're not going to let you betray your friends that easily. You'll need to get their permission to allow ‘Flashlight+ Pro Free HD’ to access their contact info.” At the bottom <br />are two buttons: “Request Permission From 579 Contacts” and “Don’t Share”

2024-12-14 21:24:36

Dale Price via Fubaroque

dale_price@mastodon.online

This is what the iOS contact permission prompt should be

2024-12-14 21:44:06

Dale Price

dale_price@mastodon.online

iPhone showing alert: “John Doe wants to share your contact information with ‘Flashlight+ Pro Free HD’. The app ‘Flashlight+ Pro Free HD’ on John’s iPhone will have access to your name, email, phone number, photo, address, and more.” The <br />buttons are: “Allow" “Don’t Allow” “Block John and Delete From Contacts”

and what the requestees see:

2024-12-14 22:36:06

Rosie 🌹 :verified_trans:

rpmrosie@mk.absturztau.be

@dale_price@mastodon.online same for android tbh
i always deny the permission no matter what

2024-12-14 22:42:27

Mer-fOKxTOwl

glowl@chaos.social

@dale_price recently someone in an element call had an error and their "element call" part of element crashed. when that happend everyone of us got a popup with a request to give permission for them to share the crash logs.

first time i have ever seen such a thing happen.

2024-12-14 22:55:48

Farshid Hakimy / فرشید

farshidhakimy@chaos.social

@dale_price this is how EVERY contact permission prompt should look like, not only the iOS one.
And there should be an option to share fake data with the app for it to stop asking for this permission.

2024-12-15 00:01:52

LuckyLuke

luckyluke4411@mastodon.social

@dale_price

2024-12-15 00:11:54

Advanced Persistent Teapot

http_error_418@hachyderm.io

@dale_price yes except the default option and alternate should be the other way around

2024-12-15 00:28:38

Mason

mason@autistics.life

@dale_price heck yea

2024-12-15 01:06:25

Mx Amber Alex (she/it)

amberage@eldritch.cafe

@dale_price AMEN

2024-12-15 02:30:45

Aday

Aday@mas.to

@dale_price the fact that they can share a photo of you with any gen AI seems a more pressing issue to me.

2024-12-15 02:33:05

zetabeta

zetabeta@mastodon.social

edited picture. prompt in a smartphone screen for asking permission. first option is "allow". second option is "don't allow". third is much bigger than other two, it says "Block John Doe and Delete from contacts!".

@dale_price

i edited little bit!

possible copyrights belong to actual owner, not for me.

2024-12-15 05:27:08

kat

kataclyst@spore.social

@dale_price This is the way!

2024-12-15 07:14:18

impossibleibex 🇺🇦

impossibleibex@mastodon.social

@dale_price is there any reason why a flashlight app needs contact permissions?

2024-12-15 13:19:41

Hans van Zijst

hans@social.woefdram.nl

@impossibleibex 4Harris I would say no.

I had a photo gallery on Android once that claimed to need access to my storage (which I understand), my camera (huh?), my network, contacts and agenda.

Needles to say I deleted that app.

@Dale Price

2024-12-15 09:00:16

sebsauvage

sebsauvage@framapiaf.org

@dale_price
THIS.
So much.

2024-12-15 10:02:43

David

deFractal@infosec.exchange

@dale_price The only third party app I’ve ever allowed access to contacts is @signalapp, that’s after seeing in their court responses that, as their published source code implies and privacy commitments claim, they don’t misuse that access.

2024-12-15 10:35:55

Michal Bryxí 🌱

MichalBryxi@veganism.social

@dale_price I ... love the idea.

2024-12-15 10:42:49

Dušan Mitrović

dusnm@polymaths.social

@dale_price I've unfortunately just accepted this as a fact of human nature. Nobody, and I mean nobody, ever asked me before sharing my contact with a third party, be it another human or, in this case it's even less likely, an app.

2024-12-15 10:49:53

frigginGlorious ✅

frigginglorious@freeradical.zone

@dale_price is this what "zero trust" means?

2024-12-15 13:44:18

★Pope Miller the Defondor

miller@ruhr.social

@dale_price a fucking _Flashlight_ App should have no access to contacts at all!
Period.

2024-12-15 13:58:19

Free Soft&Hardware Enthusiast

goatwildernesscollective@social.librem.one

@dale_price nice except dont share should be selected by default ;)

2024-12-15 19:16:46

Kevin Karhan :verified:

kkarhan@infosec.space

@dale_price +9001%

And it should demand that in writing by notarized letter and to be compliant not just with #GDPR, not push anythibg to #iCloud (which falls ubder #CloudAct aht thus *can'r comply) and preemtively sort out #minors (as they can't consent as per #BDSG, nor can their parents on their behalf!)...

2024-12-15 19:40:07

David

idbrii@mastodon.gamedev.place

@dale_price
Also, I wish the model of requesting a single contact was more common. On Android, you don't need address book permissions to open the phone contacts so the user can pick a person. It's only necessary to vacuum up all that personal data (and present it in your own UI).

Briefly looking at CNContact, it looks like iOS doesn't have a similar "pick one contact to share with app" API? What could make them add it?

2024-12-15 19:42:42

h3artbl33d :openbsd: :antifa:

h3artbl33d@exquisite.social

@dale_price

This mockup is fantastic and something we really need.

2024-12-15 19:55:42

Sabrina Web :privacypride: 📎

sabrinaweb71@sociale.network

@dale_price there should be one more button, labeled "why the heck a flashlight needs my contacts info???"

2024-12-15 21:02:56

Saupreiss #Präparat500 🗽

Saupreiss@pfalz.social

@dale_price

Im mildly concerned - were used that pretty much all our contact Info is automatically shared with at least one, usually two companies whose whole purpose are advertisement and data abuse. One of them is even praised as „open system“ by many.

2024-12-15 21:43:11

me@t.joeldebruijn.nl

@dale_price
Brings back memories about me arguing with a family member who was ok sharing my contact info with ... Clubhouse

2024-12-15 21:45:00

Korrespondent zur See

Hinnerk@mastodon.social

@dale_price @jean But then how shall the app maker be able to maintain a list of who recommended flashlight the to their friends and who not?

2024-12-15 23:00:13

Metafrastis

dgavin@mastodon.online

@dale_price Just a liiittle bit more effort and we could make data privacy bring all computer systems to a total halt, crashing the worldwide economy and making smartphones totally useless…
Are you kidding me? I already feel a burning hate for cookie banners and the dozens of times I get asked for consent about all and any thing every day on all my devices. Just let my define what I am OK with in the OS settings and stop bothering me.

2024-12-16 05:22:12

John Gruber

gruber@mastodon.social

@dale_price This could never work and makes no sense. Let’s say you get my email address from my website. You create a contact card for me with my name and email. You think *I* should get an alert when you want to share my email address and name? And that at that point I should be allowed to delete my info from you contacts, and block you from re-adding me?

Should I also be able to know when you mention me in a note in the Notes app?

2024-12-16 15:25:38

Dibs

dtwx@mastodon.social

@dale_price 100%

2024-12-16 20:21:37

Dale Price

dale_price@mastodon.online

For those tempted to argue about the impracticality of implementing my tongue-in-cheek mockup:

Imagine, instead of the silly alert message, a simple toggle in privacy settings “allow others who have me in their contacts to share my information with apps”

If it’s switched on, it flips a bit on a server that the other person’s OS can check, just like how it checks if you’ve set up iMessage etc.

The point wasn’t the UI, it’s that other people’s info shouldn’t be yours to give out to apps

2024-12-22 10:42:22

farmio / Matthias Alphart

farmous@mastodon.social

@dale_price @nblr This, but the blue, highlighted button should be "Don't share".

2024-12-23 02:29:19

💙💛:~/eu/pl/priv$:idle:

miklo@fosstodon.org

@dale_price And that's why I ask everyone who asks for my number: ‘And how many apps have access to your phone book, and how many of those apps send that data home to themselves’ ?

2024-12-29 13:36:51

Saga-Cité

Saga_Cite@toot.aquilenet.fr

@dale_price
Thank you !
This is 😂

Une association des tendances clés pour les décennies à venir :

Appartenance aux Groupes
https://www.les-cris.com/pages-300-articles-de-CRIs/theme-040-Evol-generale/art-2020/cri-evolgen-201031-la-tendance-appartenance-aux-groupes.php

Tout-est-sous-controle
https://www.les-cris.com/pages-300-articles-de-CRIs/theme-040-Evol-generale/art-2020/cri-evolgen-201207-la-tendance-tout-est-sous-controle.php

Vivre-dans-un-monde-administre

https://www.les-cris.com/pages-015-points-cles/points-cles-Les-Tags-dans-les-CRIs.php#tag_def-vivre-dans-un-monde-administre

Découvrir l'Hygiène-Numérique,
s'affranchir de la Malbouffe-Numérique et des asservissements
https://www.les-cris.com/pages-300-articles-de-CRIs/theme-060-Numerique/art-2024/cri-num-240830-Decouvrir-l-Hygiene-Numerique-s-affranchir-de-la-Malbouffe-Numerique-et-des-asservissements-Panorama-et-parcours-pour-l-Hygiene-Numerique.php

Comme ce n'est pas le cas,... qu'elle conclusion concernant vos amis ?
et proches, relations professionnelles ?