Difference between tel and wtai url schemes - uri

I am interested in making phone number links to begin phone calls for users browsing a mobile site.
What are the differences between the tel and wtai url schemes? Are there other schemes?
How should they be used and in what circumstancs?
Do some devices only recognise one scheme or the other, is either scheme deprecated or likely to be?
The tel URI for Telephone Numbers
The WAPI WTAI spec
Apple URL Scheme Reference

AFIK WAPI WTAI spec belongs to wap protocol and if phone supports WAP/WML it would support WTAI.
Tel Uri would be the most common and Apple's tel meta tags only recognised by iOS devices.
If you have time and resources to spend on it you could have a look at http://wurfl.sourceforge.net/ to get device capabilities. If not I would use tel Uri

Related

How do I find visitor name from his / her IP address

While working with Google Analytics, I was thinking how do I get the name of user currently viewing my websites. I Googled and found that many Companies are providing the same & on top of that using GA, like leadfeeder, whoisvisiting etc.
So after doing more research I found a websites that provides IP's ISP full information like name, phone, email etc is https://bgp.he.net, this websites actually pull all the information related to ISP.
I again started more search using ASN number etc, but didn't got any luck. At last I came here at SO. hoping I would get good inputs from experts here.
I am eager to know the working of these companies, how they actually get those names ?
I wanted to know the Name of user or companies visiting my websites, I have no plan to buy the services from any similar services provider companies.
I know its against GDPR, but How those companies are getting the names of visitors?
Thanks in advance
It's also worth to point out that collecting PII information about your users - via Google Analytics - is against Google Analytics policy:
"To protect user privacy, Google policies mandate that no data be passed to Google that Google could use or recognize as personally identifiable information (PII). PII includes, but is not limited to, information such as email addresses, personal mobile numbers, and social security numbers."
Please check more details here: https://support.google.com/analytics/answer/6366371?hl=en
Details of ISPs are publicly known, since they are allocated blocks of IP addresses which they distribute to their customers. The name of those customers are not generally known, and a single IP doesn't necessarily resolve to a single human in the first place. No, you cannot get an individual's name and address from an IP without a subpoena from a court and then requesting that information from the ISP, which knows the identity of the entity to which they allocated the IP. But a court won't grant you that unless you can show any law that IP has broken.

What kind of user consent is necessary for Firebase phone authentication?

The firebase phone auth documentation states:
Phone numbers that end users provide for authentication will be sent
and stored by Google to improve our spam and abuse prevention across
Google services, including but not limited to Firebase. Developers
should ensure they have appropriate end-user consent prior to using the
Firebase Authentication phone number sign-in service.
I believe I will have to display some sort of disclosure when asking for a user's phone number, but I'm not really sure what it should say. Can anyone provide an example? I used Digits/Fabric at one point, and it had a bunch of links to various privacy policies and ToS on the phone number collection screen, but now that they've joined with Firebase I'm kind of confused about what's necessary.
Thank you!
firebaser here
FirebaseUI-web displays the following before sending the SMS:
By tapping Verify, an SMS may be sent. Message & data rates may apply."
On the screen where the user enters the confirmation number, it displays:
By tapping Continue you are indicating that you agree to the Terms of Service
With the tos link being one that you as the developer provide. The reason it leaves the exact content open to you is that it partially depends on the jurisdiction that your app is under.
All we can do is tell you what we use the phone number for:
Phone numbers provided for authentication will be sent
and stored by Google to improve our spam and abuse prevention across
Google services, including but not limited to Firebase.

Can I store user ids with google analytics?

I want to track how individual user navigate through a website. Using Google Analytics I can use custom variables so in theory I can use the user ids to track individual users. However, according to the terms of service of Google Analytics I can't use GA to track, collect or upload any data that personally identifies an individual (Section 7. privacy). Does a user id classifies as data that personally identifies an individual? I merely want to use it to link the data from Google Analytics with our own data.
Storing user IDs is probably a violation of section 7, but there are other ways around this problem.
Section 7 of the ToS states:
You will not (and will not allow any third party to) use the Service to track, collect or upload any data that personally identifies an individual (such as a name, email address or billing information), or other data which can be reasonably linked to such information by Google.
While sending Google information that is personally identifiable is simply not permitted, you can instead send an identifier which is known only to you. In fact Justin Cutroni (Analytics Evangelist at Google) has confirmed this in this article.
I've recently written up my current thinking on this with some a couple of world examples:
"Identifying your users in Google Analytics while complying with section 7 of the terms of service"
I'd say it does. It doesn't matter what you intent to do or not. The fact that you have the possibilty to map the id back to the person is enough.
Additionally: I'm not a lawyer but I'd say if you are tracking such data (with whatever technical means) it has to be in the terms of your website and signed by the user.
Personally identifiable information would be something like a name, phone number or email address. You'd be okay to store hashed information about this user in Google Analytics and then decrypt offline. E.g. You can store a hash of the user's name in Google Analytics and then decrypt offline.
You also may want to check you've the correct privacy policy in place and follow these rules: https://developers.google.com/analytics/devguides/collection/protocol/policy
You can use non obfuscated alphanumeric database identifiers that you might create for your visitors. Another acceptable option is to pass to Google Analytics an encrypted identifier that is based on PII that is not Protected Health Information (as defined under HIPAA), as long as you use the proper encryption level. Google has a minimum hashing requirement of SHA256 and strongly recommends the use of a salt, minimum 8 characters.
https://developers.google.com/analytics/solutions/crm-integration#user_id

Determining bots in website

For the security of my website, is there any way I can distinguish between bots and human visitors on my website?
Not really. If a bot WANT to be recognized as a bot, yes you can. Example: search engines bots, like Googlebots.
BUT it's extremely easy for a bot do identify himself as a normal browser; then youre stuck.
If you want a list of bots, here you go: http://www.robotstxt.org/db.html
The only way to do this might be to check for the User-Agent sent in the HTTP request by the current client.
Some bots do not specify any or specifies a specific one such as GoogleBot (Googlebot, Mozilla/5.0) or Baidu Spider.
There is also a list maintained by useragentstring which lists all the known user-agents used by various bots, automated scripts or browsers.

Accessing a users contacts from a webpage

Is it possible to access a mobile users phone contacts from a web page? The company I work for would like to use QR codes to direct people to a coupon on their website and then give viewers the option of sending the url to their friends in a text message.
Obviously this would be an opt in service. Perhaps you would need to build a mobile application to accomplish the task? If anyone has an idea on how to accomplish this or something similar please let me know.
As far as I know, it is not possible to access the contact database via a web page, on any of the major platforms; in order to access this data, a native application is required.
Nate is right.
The only thing that you can do (that won't accomplish everything you need) is encode SMS message in QR code (e.g. "sms:number:subject" see http://code.google.com/p/zxing/wiki/BarcodeContents), this way your company will get user's phone number as part of SMS message, but not numbers of his/her friends.
An API for accessing contacts is being built into the WebApi by Mozilla but as of today it's not enabled by default and I expect cross browser support is still far off.

Resources