- From: John Morris <jmorris@cdt.org>
- Date: Fri, 2 Jul 2010 15:34:56 -0400
- To: Andrei Popescu <andreip@google.com>
- Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Andrei, On Jul 2, 2010, at 1:05 PM, Andrei Popescu wrote: > Hi John, > .... >> I make these points simply to assert that the fact that the >> Geolocation WG >> "talked to death" the idea of taking action to protect privacy (and >> rejected >> that idea) is not evidence that such action should be rejected today. > > But the Geolocation WG did not reject the idea of taking action to > protect privacy. I think it is regrettable to make such a statement. > > We simply rejected the idea of adding privacy attributes to the API > and presented convincing reasons why we thought it was not protecting > any privacy. Meanwhile, as far as I know, no new evidence was brought > to this debate so the reasons we had to reject the idea back then are > still valid today. It may be semantics, but I think it is precisely accurate to say that the WG declined to take action to protect privacy - at least if action means (as I intended) actually doing something to design the API itself to address privacy. What the WG did was to simply perpetuate the old, broken model of privacy on the web, in which websites set the rules and the user has no ability to control their information. Although the privacy exhortations in the Geolocation API spec are quite strong - and we greatly appreciate that strong language - the spec contains only exhortations. As you know, I think the conclusions that the WG reached were wrong at the time, and so even if "no new evidence" emerged since then I would still think that DAP should go back to consider the issues (especially since, unlike Geolocation, DAP is not limited to a pre-existing API). But there is in fact significant new evidence - evidence that shows that website implementers/users of the Geolocation API are rampantly ignoring privacy and giving users very little notice and no significant control. In other words, the precise bad results that we predicted two years ago have come to pass. So I think there is ample "new evidence" that suggests the DAP group should take a new look at the issues. I urge you and the other browser makers to actively participate in those efforts. John
Received on Friday, 2 July 2010 19:35:36 UTC