Re: Additional security and privacy considerations?

On Tue, May 26, 2009 at 6:27 PM, Thomas Roessler <tlr@w3.org> wrote:
> On 26 May 2009, at 19:03, Greg Bolsinga wrote:
>
>>> Thanks Andrei.  I think I agree with most of what you said.  As I stated
>>> before, Mozilla will make up its own mind regarding UI in Firefox and
>>> Fennec.  We agreed that having an explicit permission dialog with the user
>>> before sharing geolocation, but I do not think we would be down for having
>>> some flashing widget thing that tells you that geolocation is happening.  My
>>> point of view is that we shouldn't spec out stuff that is going to make most
>>> UAs non-conforming, that a blinking LED that says "the browser is doing
>>> something" hurts users and is dreadfully ugly, and "forgetting" the user
>>> permission after some seemingly random time interval is a really bad idea.
>
>> +1 This spec is about getting a location, not how it is implemented.
>
> So, let's take a step back here.
>
> Are you objecting against having *any* privacy considerations in the spec?
>  Or are you objecting against having a MUST in normative language?
>
> As I said early on in this thread, I could live with text along the lines of
> what I proposed included as non-normative implementation guidance (or a
> "strong should", or something like that), distinct from conformance
> requirements, *if* that helps to get clear guidance on privacy into the
> specification. It was Andrei who brought up the point that the privacy
> considerations are currently meant to be normative.
>
> Care to elaborate?
>

My impression is that the existing wording (location permissions must
not be granted without user consent and users must be able to revoke
sticky permissions) was agreed by everyone and is normative. What we
are discussing here are the extensions you suggested:

1. User agents must inform the user when Web applications acquire
location information based on a consent granted previously.
2. User agents should limit the scope of authorizations in time by
asking for re-authorization in certain intervals.

Thanks,
Andrei

Received on Tuesday, 26 May 2009 17:34:27 UTC