- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 25 Nov 2014 10:50:34 -0800
- To: Mike West <mkwst@google.com>
- Cc: Mark Watson <watsonm@netflix.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@fb.com>

On 22 November 2014 at 06:03, Mike West <mkwst@google.com> wrote:
> Geolocation isn't something we can just turn off for insecure contexts, but
> it's certainly something where we can experiment with degrading the insecure
> experience (by shortening permission lifetimes, for instance

I should think that removing any sort of persistent permission would be an obvious immediate step, rather than reducing by steps. Any site that has persistent permission over an unauthenticated origin is going to expose users pretty badly.

> or by coarsening the location

...or by randomly generating failures with increasing frequency. Both of which do more to annoy users than motivate a change.

I agree that it is worth finding a way to phase this out, but announcing a date is probably the best approach. Announce a date we can all agree to and turn the feature off.

Received on Tuesday, 25 November 2014 18:51:05 UTC