W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2008

Re: Geolocation: Security and Privacy

From: Doug Schepers <schepers@w3.org>
Date: Sun, 08 Jun 2008 20:51:43 -0400
Message-ID: <484C7E9F.2070700@w3.org>
Cc: "public-geolocation@w3.org" <public-geolocation@w3.org>

Hi, Alec-

Alec Berntson wrote (on 6/6/08 2:32 PM):
> Least privilege
>     The user should be given the option to allow access to a page (or domain) for
>        Just this once
>        Just this session
>        Always

Along the same lines, we might consider the temporal aspect.  Do we want 
an app to be able to track us over a period of time, such as for 
driving/walking directions?  I guess that would be covered by session, 
most likely... but there might be use cases that a mere session might 
not deal with.

>     Data 'fuzzing'
>        User can control how much resolution to give to a page
>        Add noise to the data if more accurate information is available than is requested

A UI might wish to allow a user to set a preference based on 
precision... someone might not mind a known (or even unknown) 
page/webapp/widget to access their location within, say a few 
kilometers... but would want to be alerted if it tried to get a more 
precise fix than that.

However, I am reluctant to dictate too much along the lines of UI 
features... traditionally, that's been mostly left to the UA to decide. 
  It's always a delicate balance between security and annoyance.

-Doug Schepers
W3C Team Contact, SVG, CDF, and WebAPI
Received on Monday, 9 June 2008 00:52:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:33:49 UTC