Re: [ServiceWorker] Expose GeoLocation to workers (#745) from Richard Maher on 2016-02-10 (public-webapps-github@w3.org from February 2016)

From: Richard Maher <notifications@github.com>
Date: Wed, 10 Feb 2016 15:00:20 -0800
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/745/182624198@github.com>

@martinthomson
> I hate to make this a point of jurisdiction, but I think that this is a discussion that needs to be had in the geolocation working group.

I've been careful to avoid any demarcation issues by always involving the Service Worker AND GeoLocation communities. My lobbying has centered on: -

Forums:
[https://github.com/slightlyoff/ServiceWorker/issues/745](url)
[https://github.com/w3c/geofencing-api/issues/25](url)

Mailing Lists:
public-webapps@w3.org
public-geolocation@w3.org

If there are better forums then please let me know.

Having said that, I am becoming more and more convinced that this is a Service Worker issue. The following is what I believe is required to make this work: -

ServiceWorkerRegistration.travelManager (getSubscription(), permissionState(), subscribe())
The subscribe() method with take options such as (minMsecs/metersl between position updates, accuracy, etc)

A new ServiceWorker "Travel" event will be created. The UserAgent must be able to re-instantiate a previously terminated ServiceWorker on the strength of this event.

One GeoLocation watcher per UserAgent sounds battery-friendly to me!

> I'm very nervous when someone saves their hands when it comes to the privacy story. The web has thus far had a great accountability story and adding the ability to track someone when they aren't visiting your site is one capability that could easily undermine all the good work we've done. I'd want to see a clear plan for how a user is able to remain in control to be even remotely comfortable that watchPosition could be exposed.

God gave us valium and SSRIs for just such occasions. Either way please don't FUD a technical forum with tales of "There be dragons".

Users are running a WebApp and NOT "visiting your site". Permissions are there for just such a requirement. BTW I tested Firefox last night and it is the only browser that DOES continue to track you when the browser is in the background.

But can I ask where have you articulated your fears about WAKE-LOCK and CPU-LOCK back-dooring user-tracking functionality? What about the new GeoFence API? If I throw a 5m GeoFence around my current location and get a "leave" event then surely I can just drop that geofence and recreate another around my new current location. What is that if not user-tracking?

Most importantly, can I stress that this is a user REQUIREMENT and not an IMPOSITION! Ask all the permission questions you want but this simply has to happen.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/745#issuecomment-182624198

Received on Wednesday, 10 February 2016 23:00:48 UTC