- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 3 Dec 2014 15:57:20 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- Cc: Chris Palmer <palmer@google.com>, "public-geolocation@w3.org" <public-geolocation@w3.org>, Mike West <mkwst@google.com>
On Tue, Dec 2, 2014 at 1:38 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > It seems much more reasonable for them to expect that "goats.com" is > going to broadcast the coordinates and other identifying information > to any number of third parties without their knowledge or permission > for hyperlocal marketing and worse. Possibly not even intentionally, > the coordinates might simply end up in an address that a third party > analytics script picks up. Users may also fail to realise the site's > going to publically broadcast the coordinates as part of some user's > profile status page. At least this will result in distrust of "goats.com" whereas in the scenario we are concerned with nobody would find out that credentials have been shared with other parties (not until the next big leak anyway). Being able to put trust or distrust in a domain name rather than the network (which you cannot put trust in) is what this is about. The user still gets to chose whether to trust the domain name, but they no longer have to chose whether to trust a network we already know they cannot trust. -- https://annevankesteren.nl/
Received on Wednesday, 3 December 2014 14:57:47 UTC