Re: Additional security and privacy considerations? from Erik Wilde on 2009-05-18 (public-geolocation@w3.org from May 2009)

From: Erik Wilde <dret@berkeley.edu>
Date: Mon, 18 May 2009 16:08:31 -0700
To: public-geolocation@w3.org
CC: Rigo Wenning <rigo@w3.org>
Message-ID: <4A11EA6F.2010803@berkeley.edu>

hello.

Rigo Wenning wrote:
> All this can be derived from the requirement to have the user's 
> consent when acquiring location data as required by two EU Directives 
> and subsequent transposed national law. As there is always new data 
> sent over, the legal requirements are not met with a one time 
> permission for data disclosure for an unforeseeable future.  

at the risk of repeating myself, i want to point out to something i sent 
  to the list a while ago. 3rd party trackers are increasingly moving 
from cookies to javascript. one reason is that 3rd party cookies now can 
(and sometimes are) blocked by browsers, and browsers have configuration 
options for that. the other reason is that the information available 
through scripting is much richer than cookie information. imagine for a 
second that urchin.js, probably the most widely executed javascript on 
the web (the code feeding google analytics) starts requesting location 
information. given the fact how pervasive 3rd party tracking is these 
days [1], this would mean that iphone users (or any other GPS- or 
skyhook-enabled phones) would leave an almost perfect location trail 
from their phones.

i think that this is in very different domain than donating my IP 
address or screen size or browser type to 3rd party trackers. and while 
i might want to use location features on web sites as soon as they start 
implementing them, i might not be willing to disclose my location to 3rd 
parties affiliated with those sites (and many of the popular web sites 
have an amazing number of affiliated 3rd parties). it seems to me that 
in case of location, this really is something that needs to be handled 
carefully, and i am wondering whether the browser of the future will 
have more "3rd party information disclosure" controls that just "3rd 
party cookies".

kind regards,

erik wilde   tel:+1-510-6432253 - fax:+1-510-6425814
        dret@berkeley.edu  -  http://dret.net/netdret
        UC Berkeley - School of Information (ISchool)

[1] http://www2009.org/proceedings/pdf/p541.pdf

Received on Monday, 18 May 2009 23:09:26 UTC