- From: Doug Turner <dougt@dougt.org>
- Date: Fri, 21 May 2010 10:04:12 -0700
- To: <Frederick.Hirsch@nokia.com> <Frederick.Hirsch@nokia.com>
- Cc: <brian.leroux@nitobi.com>, <acooper@cdt.org>, <public-device-apis@w3.org>
Thanks for your response Frederick! You do not have to stretch very far to imagine a use case for the mac address as part of the system information. The simplest use case is to just display the information to the user. On the Nokia n900, there is a little gtk app called HomeIP that shows similar information. On many devices there is a MAC address sticker. You could imagine that an application could be used instead to display the MAC to tech support, etc. Also, I am not happy about the policy framework, nor do I think that it will be implemented by Mozilla. I would have hoped for something alot simpler. I guess it has to do with me not really visualizing how I would expose any of this policy framework in terms of UI to the user. Regards, Doug On May 21, 2010, at 9:26 AM, <Frederick.Hirsch@nokia.com> <Frederick.Hirsch@nokia.com> wrote: > Doug > > There are always choices of what to include or not to include. How would removing certain attributes for which we have no clear use cases being "crippling"? In specific terms, why would removing the items Alissa matters be a concern? Would it make sense to defer them to v2? I'm trying to understand this. > > That said, it seems we all agree that the overall framework for privacy and policy is important. Are you able to help move that work forward, perhaps by reviewing the policy framework specification? > > Thanks > > regards, Frederick > > Frederick Hirsch, Nokia > Co-Chair, W3C DAP Working Group > > > > > On May 21, 2010, at 11:53 AM, ext Doug Turner wrote: > >> I am in complete agreement - We shouldn't be crippling them based on "privacy concerns". Instead we should be thinking about what UAs can do to ensure that these APIs are run safely with user consent. >> >> Doug >> >> >> On May 21, 2010, at 8:28 AM, Brian LeRoux wrote: >> >>> You bring up a valuable point Doug and the root of our thinking w/ >>> PhoneGap. The API's we're talking about are often in the context of >>> installable web apps like Mobile Web Applications and Widgets (though >>> now Google Chrome is about to blur that line). >>> >>> Ultimately, I still feel the API to certain data and sensors should be >>> divorced from the permissions that dictate its use (and perhaps >>> discoverability). The days of the web being a second class development >>> platform wane. It is our job to figure out the best ways to keep the >>> web secure, while remaining accessible, and not at the expense of >>> limiting the platform. >>> >>> ALL of these APIs have significant and problematic implications for >>> privacy. I'm sure everyone here has taken a photo with their phone >>> they would prefer to keep on the phone let alone share their mac >>> address! >>> >>> >>> On Thu, May 20, 2010 at 10:22 PM, Doug Turner <dougt@dougt.org> wrote: >>>> yup, fair enough. :-) >>>> >>>> sending a mac address to a site is dangerous as it allows the site to always know who the client is and the client can't do anything about it. >>>> >>>> I think in general that is a bad thing for the people on the web, but maybe widgets have a need for something like this. >>>> >>>> Is any UA seriously considering exposing this API to the web without some sort of notification to the user that the requesting website is requesting something that is more privileged than normal? >>>> >>>> I could imagine the API being useful for some sort of mobile widget that exposes your current network setting, etc. >>>> >>>> Doug >>>> >>> >>> >> >> >
Received on Friday, 21 May 2010 17:05:01 UTC