- From: Alec Berntson <alecb@windows.microsoft.com>
- Date: Fri, 6 Jun 2008 11:32:01 -0700
- To: "public-geolocation@w3.org" <public-geolocation@w3.org>
One of the most important aspects of the geolocation API spec (IMO) will be the privacy and security requirements. The user's current location is probably one of the most sensitive pieces of personal information available. The references in the draft spec point to a few solid approaches that I would like to highlight (and build on):
- Opt-out by default
  - By default, no page can access the user's location
- UI to alert the user
  - There needs to be an alert when a page requests the user's location
  - There needs to be some form of status UI indicating when location data is being accessed
- Least privilege
  - The user should be given the option to allow access to a page (or domain) for:
    - Just this once
    - Just this session
    - Always
- Data 'fuzzing'
  - User can control how much resolution to give to a page
  - Add noise to the data if more accurate information is available than is requested
- Logging
  - Keep a log of what information was given out to whom
Hope that kicks off some discussion!
-Alec
Received on Saturday, 7 June 2008 16:32:40 UTC
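One way the five points in the message above could be wired together on the browser side, as an added example that is not part of the original message, the W3C draft, or any browser's implementation. The class name LocationGatekeeper, the grant scopes once/session/always, the precision tiers and their metre values, and the fixed coordinates in the demo are all assumptions chosen for illustration; the sensor and the prompt UI are replaced by constructed stand-ins so the code runs offline in Node.

```javascript
// Added example, not code from the W3C geolocation draft or its authors.
// Names, grant scopes, precision tiers and sample coordinates are assumptions.

// Horizontal uncertainty, in metres, the user can choose to release per origin.
const PRECISION_METRES = Object.freeze({ exact: 0, street: 100, city: 10_000, region: 100_000 });

// Approximate degrees of latitude per metre (mean spherical earth).
const DEG_PER_METRE_LAT = 1 / 111_320;

// Reduce a position to roughly `metres` of resolution: snap to a grid of that
// cell size, then add up to half a cell of uniform noise so the released point
// is not exactly on a grid line. `rng` is injectable for deterministic tests.
function fuzz(position, metres, rng = Math.random) {
  if (metres <= 0) return { ...position }; // "exact" tier: nothing to hide
  const latStep = metres * DEG_PER_METRE_LAT;
  // Longitude degrees shrink with latitude; clamp so the poles cannot divide by ~0.
  const cosLat = Math.max(Math.cos((position.latitude * Math.PI) / 180), 1e-6);
  const lonStep = latStep / cosLat;
  const snap = (v, step) => Math.round(v / step) * step;
  const jitter = (step) => (rng() - 0.5) * step;
  return {
    latitude: snap(position.latitude, latStep) + jitter(latStep),
    longitude: snap(position.longitude, lonStep) + jitter(lonStep),
    accuracy: Math.max(position.accuracy, metres), // never understate what was released
  };
}

class LocationGatekeeper {
  // provider:   () => { latitude, longitude, accuracy }  (the real sensor)
  // promptUser: (origin) => { allow, scope, precision }   (the alert UI)
  // onAccess:   (origin) => void                          (the status indicator)
  // clock:      () => string                              (timestamp for the log)
  constructor({ provider, promptUser, onAccess = () => {}, clock = () => new Date().toISOString() }) {
    this.provider = provider;
    this.promptUser = promptUser;
    this.onAccess = onAccess;
    this.clock = clock;
    this.sessionGrants = new Map();    // origin -> decision, dropped when the browser exits
    this.persistentGrants = new Map(); // origin -> decision, would live on disk in a browser
    this.log = [];                     // who was given what, and when
  }

  request(origin) {
    // Default deny: with no stored decision, nothing is released until the
    // user has seen the request and answered it.
    let decision = this.persistentGrants.get(origin) || this.sessionGrants.get(origin);
    if (!decision) {
      decision = this.promptUser(origin) || { allow: false, scope: "once" };
      if (decision.scope === "session") this.sessionGrants.set(origin, decision);
      if (decision.scope === "always") this.persistentGrants.set(origin, decision);
      // "once" is deliberately not stored: the user is asked again next time.
    }
    if (!decision.allow) {
      this.log.push({ time: this.clock(), origin, released: null });
      return null;
    }
    this.onAccess(origin); // light the status indicator while the sensor is read
    const metres = PRECISION_METRES[decision.precision] ?? PRECISION_METRES.city;
    const released = fuzz(this.provider(), metres);
    this.log.push({ time: this.clock(), origin, precision: decision.precision, released });
    return released;
  }
}

// Constructed scenario: a fixed fake sensor reading and a scripted "user"
// standing in for the prompt, so the example runs offline.
function demo() {
  const truePosition = { latitude: 47.64, longitude: -122.13, accuracy: 5 }; // constructed
  const answers = {
    "https://maps.example": { allow: true, scope: "always", precision: "street" },
    "https://news.example": { allow: true, scope: "once", precision: "city" },
    "https://ads.example": { allow: false, scope: "session" },
  };
  let prompts = 0;
  const gate = new LocationGatekeeper({
    provider: () => truePosition,
    promptUser: (origin) => { prompts += 1; return answers[origin]; },
    clock: () => "2008-06-06T18:32:01Z", // constructed fixed timestamp
  });
  const maps1 = gate.request("https://maps.example");
  const maps2 = gate.request("https://maps.example"); // remembered "always": no second prompt
  const news1 = gate.request("https://news.example");
  const news2 = gate.request("https://news.example"); // "just this once": prompted again
  const ads1 = gate.request("https://ads.example");
  const ads2 = gate.request("https://ads.example");   // refusal kept for the session: no prompt
  return { truePosition, maps1, maps2, news1, news2, ads1, ads2, prompts, log: gate.log };
}

const result = demo();
console.log(`prompts shown: ${result.prompts}`);
for (const e of result.log) {
  console.log(e.time, e.origin, e.released
    ? `${e.precision}: ${e.released.latitude.toFixed(3)}, ${e.released.longitude.toFixed(3)} (+/- ${e.released.accuracy} m)`
    : "refused");
}
```

Run it with `node`. Two design points worth noting: snapping to a grid alone is deterministic, so a page that already knows roughly where the user is could learn the exact cell boundary by watching when the value flips, which is why the released point is also jittered; and the reported `accuracy` is raised to the fuzz radius so a page cannot tell a deliberately coarsened fix from a genuinely coarse one.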