[geolocation-api] Restrict access to visible and user-activation-received frames (#48) from pes via GitHub on 2020-06-30 (public-device-apis-log@w3.org from June 2020)

From: pes via GitHub <sysbot+gh@w3.org>
Date: Tue, 30 Jun 2020 03:06:50 +0000
To: public-device-apis-log@w3.org
Message-ID: <issues.opened-647817571-1593486409-sysbot+gh@w3.org>

pes10k has just created a new issue for https://github.com/w3c/geolocation-api:

== Restrict access to visible and user-activation-received frames ==
Geolocation functionality poses clear benefits and risks to user privacy.  In order to better distinguish the former from the latter, and prevent location from becoming an unknown ongoing tracking vector, the spec should require signals that the user is intentionally interacting with a frame before the frame can request location data (even for a frame that was previously given location permission).

Two common signals that should be incorporated into the spec are that frames need to be visible, and to have received a user activation before they can access location information, even if the frame was previously given permission.

Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/48 using your GitHub account

Received on Tuesday, 30 June 2020 03:06:52 UTC