BlueOS icon indicating copy to clipboard operation
BlueOS copied to clipboard
verified publisher icon bluerobotics

core: frontend: support intuitive internet access and privacy management

Open ES-Alexander opened this issue 1 year ago • 0 comments

Current behaviour

Different users have different preferences and requirements for managing their vehicle's behaviour when connected to the internet. While we try to inform users about which functionalities come with BlueOS, this has limited utility if applying restrictions is not easily actionable.

A key value of BlueOS lies in the convenience it provides over manually configuring and managing things, so providing high level tools is important for users to want to use our system.

Expected or desired behaviour

I'd recommend a combination of

  1. Allow visualising network traffic, ideally in a simplified form
    • e.g. aggregate requests to each domain, and where possible link domains to services/extensions that are using them
    • Could perhaps be implemented as an extension of / together with #3009
  2. Add straightforward controls for internet connectivity
    • UI example (imagined as a "restrictions and privacy" tab in the internet management window) image
      • BlueOS doesn't currently use PostHog, but I included it because Cockpit does (so we might in future?), and it's useful to consider where event tracking sits in the semantic ordering
      • Pirate mode could swap the slider for checkboxes or toggle switches, for more detailed individual control
    • Should include explanations for what each functionality is for, and ideally which service(s) make use of it, and which servers it connects to (perhaps only shown in advanced access modes)
      • BlueOS Cloud would include bazaar, as well as data storage and synching services
      • Open source extension installations could block configured manifest sources in Kraken
      • Blocking BlueOS updates could block network access to Docker Hub entirely
      • Restricting installed extensions internet would likely require running them a particular way using Kraken
    • Affected services should account for this, and display relevant UI information
      • e.g. show "This service is disabled in the vehicle internet restrictions", with a link to open the management window), instead of just saying "could not connect to the internet"
      • Things like #2869 should factor this in
  3. #2771
    • "deckhand" can represent a managed user (even if just as a mental intent by the actual user), so is not allowed to change permissions of things
  4. #2868
    • Relevant as a more transparent form of "this is definitely not in use", where that is applicable

Prerequisites

  • [X] I have checked to make sure that a similar request has not already been filed or fixed.

ES-Alexander avatar Dec 16 '24 06:12 ES-Alexander