W3C home > Mailing lists > Public > public-device-apis@w3.org > May 2010

Re: Sys Info network attributes

From: <Frederick.Hirsch@nokia.com>
Date: Fri, 21 May 2010 18:26:43 +0200
To: <dougt@dougt.org>
CC: <Frederick.Hirsch@nokia.com>, <brian.leroux@nitobi.com>, <acooper@cdt.org>, <public-device-apis@w3.org>
Message-ID: <0691FD15-F0A6-48E2-8CA1-D83F96F89B39@nokia.com>
Doug

There are always choices of what to include or not to include. How would removing certain attributes for which we have no clear use cases being "crippling"? In specific terms, why would removing the items Alissa matters be a concern? Would it make sense to defer them to v2? I'm trying to understand this.

That said, it seems we all agree that the overall framework for privacy and policy is important.  Are you able to help move that work forward, perhaps by reviewing the policy framework specification?

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Co-Chair, W3C DAP Working Group




On May 21, 2010, at 11:53 AM, ext Doug Turner wrote:

> I am in complete agreement - We shouldn't be crippling them based on "privacy concerns".  Instead we should be thinking about what UAs can do to ensure that these APIs are run safely with user consent.
> 
> Doug
> 
> 
> On May 21, 2010, at 8:28 AM, Brian LeRoux wrote:
> 
>> You bring up a valuable point Doug and the root of our thinking w/
>> PhoneGap. The API's we're talking about are often in the context of
>> installable web apps like Mobile Web Applications and Widgets (though
>> now Google Chrome is about to blur that line).
>> 
>> Ultimately, I still feel the API to certain data and sensors should be
>> divorced from the permissions that dictate its use (and perhaps
>> discoverability). The days of the web being a second class development
>> platform wane. It is our job to figure out the best ways to keep the
>> web secure, while remaining accessible, and not at the expense of
>> limiting the platform.
>> 
>> ALL of these APIs have significant and problematic implications for
>> privacy. I'm sure everyone here has taken a photo with their phone
>> they would prefer to keep on the phone let alone share their mac
>> address!
>> 
>> 
>> On Thu, May 20, 2010 at 10:22 PM, Doug Turner <dougt@dougt.org> wrote:
>>> yup, fair enough.  :-)
>>> 
>>> sending a mac address to a site is dangerous as it allows the site to always know who the client is and the client can't do anything about it.
>>> 
>>> I think in general that is a bad thing for the people on the web, but maybe widgets have a need for something like this.
>>> 
>>> Is any UA seriously considering exposing this API to the web without some sort of notification to the user that the requesting website is requesting something that is more privileged than normal?
>>> 
>>> I could imagine the API being useful for some sort of mobile widget that exposes your current network setting, etc.
>>> 
>>> Doug
>>> 
>> 
>> 
> 
> 
Received on Friday, 21 May 2010 16:28:19 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:43 UTC