Re: [geolocation-api] Explicitly limit permission lifetimes (#47) from Yoav Weiss via GitHub on 2020-07-01 (public-device-apis-log@w3.org from July 2020)

From: Yoav Weiss via GitHub <sysbot+gh@w3.org>
Date: Wed, 01 Jul 2020 07:14:10 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-652237919-1593587645-sysbot+gh@w3.org>

> I didn't earlier because generally in HR we try to identify issues and have the WG come up with the solutions (we've been told in the past WG prefer that pattern than having the HR group suggest specific concrete examples).

Hey @pes10k! :)

I believe you're (at least partially) referring to feedback I provided in the past, so I'd like to clarify it. In this particular case the underlying issue you're surfacing is "Users' geolocation permissions seem to last longer than users are aware of, which is a serious privacy concern". What you're proposing here (regardless of the straw proposal text above) is *one* possible solution to that problem.

Time-boxing permissions may be something UAs choose to do, but they may solve this UX problem in other ways.
E.g., as a user, I would like my browser to *always* keep geolocation permissions to my favorite mapping webapp, give one-time permissions to random-physical-store.com (when I want to find the nearest store to my physical location), and never give permissions (nor ever-ever ask me again) to random-publisher.com. In the case of the mapping webapp, my browser could periodically remind me that the permission is still granted, and allow me to easily revoke it.

That kind of a UX solution (and many possible others - I'm far from being a UX person) is something your proposed solution will not enable, regardless of the exact phrasing. This is why we don't mandate browser UI in specifications - it's something that is likely (and should) evolve over time to address the user's needs, and iteration is the best way to achieve that.

Therefore, I think it makes more sense to capture the *intention* in spec, rather than a specific possible method to execute it. Maybe something like "User agents SHOULD protect users from inadvertently granting permissions to geolocation data, and from inadvertently keeping those permissions alive for longer than users intend to".
It needs to be a SHOULD rather than MUST, because UI is fuzzy and not something we can easily test to ensure compliance.

--
GitHub Notification of comment by yoavweiss
Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/47#issuecomment-652237919 using your GitHub account

Received on Wednesday, 1 July 2020 07:14:12 UTC