Re: w/r/t Privacy from Greg Bolsinga on 2008-11-03 (public-geolocation@w3.org from November 2008)

From: Greg Bolsinga <bolsinga@apple.com>
Date: Mon, 3 Nov 2008 14:43:33 -0800
To: Alissa Cooper <acooper@cdt.org>
Cc: public-geolocation <public-geolocation@w3.org>
Message-Id: <753B53EB-E72A-4734-B32D-3417AB0E594B@apple.com>

On Nov 3, 2008, at 9:43 AM, Alissa Cooper wrote:

> I am a little confused about what you mean here. When you say  
> "scheme and UI," does that mean something other than UI? I agree  
> that the spec should not dictate UI (my last email contained a UI  
> discussion only because there was a specific question about it).
>
> But if you're saying that all privacy considerations (including  
> consent) should be optional whether they manifest in a UI or not,  
> that's a different story. Can you clarify?

A platform may already have a privacy policy and UI for setting  
location privacy policies in place. A platform developer may not want  
these to behave differently just for web pages. If the UI (and  
policies) were different for web pages and other programs that use the  
same location service, it would be confusing to the users.

As a concrete example, on iPhone, CoreLocation displays a dialog twice  
for each native application, telling the user that the application  
wants to track its location. The user can Allow or Not Allow. In  
Settings the user can turn off CoreLocation for the device completely,  
as well as wipe all Location warnings. Once the warnings are wiped,  
the user is challenged again when they use a CoreLocation application.  
This behavior is what an iPhone user is expecting for privacy and  
location based services.

If the Geolocation specification has differing UI or warning  
expiration requirements than a given platform, I believe it will be  
for the worse. In this situation, web pages requiring location  
services will behave differently than the platform. If the location  
services are granted, and suddenly expire without user interaction,  
the user will think something is broken because it doesn't work like  
the rest of the platform. If they are presented with more options than  
allow or don't allow (and are asked too often) they will ignore these  
warnings and get annoyed with them (see Vista security dialogs for a  
case study).

I think the Geolocation API provides a simple and good way for web  
pages to get location data. It seems to me that privacy considerations  
are orthogonal issues to what this API accomplishes.

Thanks,
-- Greg

Received on Monday, 3 November 2008 22:52:23 UTC