- From: Brian LeRoux <brian.leroux@nitobi.com>
- Date: Fri, 21 May 2010 08:28:35 -0700
- To: Doug Turner <dougt@dougt.org>
- Cc: Alissa Cooper <acooper@cdt.org>, W3C Device APIs and Policy WG <public-device-apis@w3.org>
You bring up a valuable point Doug and the root of our thinking w/ PhoneGap. The API's we're talking about are often in the context of installable web apps like Mobile Web Applications and Widgets (though now Google Chrome is about to blur that line). Ultimately, I still feel the API to certain data and sensors should be divorced from the permissions that dictate its use (and perhaps discoverability). The days of the web being a second class development platform wane. It is our job to figure out the best ways to keep the web secure, while remaining accessible, and not at the expense of limiting the platform. ALL of these APIs have significant and problematic implications for privacy. I'm sure everyone here has taken a photo with their phone they would prefer to keep on the phone let alone share their mac address! On Thu, May 20, 2010 at 10:22 PM, Doug Turner <dougt@dougt.org> wrote: > yup, fair enough. :-) > > sending a mac address to a site is dangerous as it allows the site to always know who the client is and the client can't do anything about it. > > I think in general that is a bad thing for the people on the web, but maybe widgets have a need for something like this. > > Is any UA seriously considering exposing this API to the web without some sort of notification to the user that the requesting website is requesting something that is more privileged than normal? > > I could imagine the API being useful for some sort of mobile widget that exposes your current network setting, etc. > > Doug >
Received on Friday, 21 May 2010 15:34:13 UTC