Most of the time this prompt comes up it's actually for a genuine purpose, like spotify trying to find devices on the local network that can play audio, VLC looking for chromecasts, I saw my DJ app ask for local network and discovered it can discover my decks on the network and stream my library over the local network to it.
The problem is this prompt is new so the software doesn't show the user why it's just triggered the prompt and the user has no info to work with.
I need to turn on location access for all software on my system globally to read the battery status of a device over Bluetooth. These "could be used for" warnings are nice and all, but usually goes beyond what makes sense. Proposing that we need to press "be spied upon" just to view photos stored on your NAS is way out there
I'm sorry if people don't know what "access local devices" means but actively lying to them about the mechanisms is not going to inform anyone
I honestly don't think the average Google Chrome user knows what a 'local' device is, and we should go something more ELI5 "This website wants to spy on every other device connected to your network" or something
I get loads of them when I'm on a Netsweeper filtered network... pretty much any time any asset a page loads is from a blocked site (social media pixels normally).
I've seen it and at least in Chrome it seems to be treating all URLs which are based on an IP address as "local", regardless of the class of the address.
I'd be inherently suspicious of any website in the wild attempting to contact a bare IP address. Aside from localhost, my default assumption would be that such a website is either trying to circumvent my hosts file (or circumvent my other DNS configuration, e.g. pi-hole or DNS-over-HTTPS), malware trying to reach a command-and-control server, or malware trying to circumvent my adblocker.
I guess that's why I am getting so many "Allow to find devices on your network" alerts. Good feature overall.
Only a good feature if users have a clue what that question means. Most will click "Yes" because they want to get on with whatever they want to do.
Change it to something like "This website is trying to spy on your local devices, do you want to allow this?"
Most of the time this prompt comes up it's actually for a genuine purpose, like spotify trying to find devices on the local network that can play audio, VLC looking for chromecasts, I saw my DJ app ask for local network and discovered it can discover my decks on the network and stream my library over the local network to it.
The problem is this prompt is new so the software doesn't show the user why it's just triggered the prompt and the user has no info to work with.
Since I can see legitimate use case (complex web apps, one sharing data with another) - I would not use the word spying.
But still make it clear what can happen.
"Attention! This website wants to get access to other web apps running on this device, do you want to allow this?"
And then a link explaining some more. But better words are surely possible.
I need to turn on location access for all software on my system globally to read the battery status of a device over Bluetooth. These "could be used for" warnings are nice and all, but usually goes beyond what makes sense. Proposing that we need to press "be spied upon" just to view photos stored on your NAS is way out there
I'm sorry if people don't know what "access local devices" means but actively lying to them about the mechanisms is not going to inform anyone
I honestly don't think the average Google Chrome user knows what a 'local' device is, and we should go something more ELI5 "This website wants to spy on every other device connected to your network" or something
I get loads of them when I'm on a Netsweeper filtered network... pretty much any time any asset a page loads is from a blocked site (social media pixels normally).
Ah, THAT's what that is. They really need to shift the message from the BROWSER is trying to find devices to the WEBSITE is trying to find devices.
I hate that there's no "stop asking me" button.
I get those regularly in Chrome
I was just about to say that my question in regards to this was "what are web browsers doing about it?"
I just discovered that MacOS was blocking Firefox from connecting to devices on my LAN - there's per-app toggle in system settings.
Access to my router's web interface was not blocked (understandably) but this left me rather confused for a while.
I've seen it and at least in Chrome it seems to be treating all URLs which are based on an IP address as "local", regardless of the class of the address.
I'd be inherently suspicious of any website in the wild attempting to contact a bare IP address. Aside from localhost, my default assumption would be that such a website is either trying to circumvent my hosts file (or circumvent my other DNS configuration, e.g. pi-hole or DNS-over-HTTPS), malware trying to reach a command-and-control server, or malware trying to circumvent my adblocker.
Any idea if Safari is on board?