Skip to content

Commit

Permalink
Separate device administrators from UA administrators. (#368)
Browse files Browse the repository at this point in the history 
Mostly this consisted of using "administrator" instead of "device
administrator", and I added a sentence saying that UAs sometimes assign
an administrator based on the user's account.

We also reordered the principle to ensure that users know about even reasonable disclosures.
  • Loading branch information
@jyasskin
jyasskin authored Nov 15, 2023
1 parent 7dd3a4f commit df7eb37
Showing 1 changed file with 10 additions and 9 deletions.
19 changes: 10 additions & 9 deletions index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1616,22 +1616,23 @@

<div class="practice" data-audiences="user-agents">
<span class="practicelab" id="principle-owned-devices-disclose-surveillance">
[=User agents=] must not help a device [=administrator=] surveil the people
using the devices they administrate without those people's knowledge. [=User
agents=] should not tell a device [=administrator=] about user behavior except
[=User agents=] should not tell an [=administrator=] about user behavior except
when that disclosure is necessary to enforce reasonable constraints on use of
the device.
the device or software.
Even when a disclosure is reasonable, [=user agents=] must ensure their users
know about this surveillance.
</span>
</div>
<div class="note">
See [[[#guardians]]] for more detail on how this principle applies to vulnerable people with [=guardians=].
</div>

Computing devices have <dfn data-lt="device owner">owners</dfn>, who have
<dfn>administrator</dfn> access to the devices in order to install and
configure the programs that run on them. As a program running on a device,
a [=user agent=] generally can't tell whether the [=administrator=] who has
installed and configured it was authorized by the device's actual owner.
Computing devices have <dfn data-lt="administrator">administrators</dfn>, who
have privileged access to the devices in order to install and configure the
programs that run on them. The <dfn data-lt="device owner">owner</dfn> of a
device can authorize an [=administrator=] to administer the whole device.
Some [=user agent=] [=implementations=] can also assign an [=administrator=] to
manage a particular [=user agent=] based on the account that's logged into it.

Sometimes the [=person=] using a device doesn't own the device or have
[=administrator=] access to it (e.g. an employer providing a device to an
Expand Down

0 comments on commit df7eb37

Please sign in to comment.