Re: Sys Info network attributes

I am in complete agreement - We shouldn't be crippling them based on "privacy concerns".  Instead we should be thinking about what UAs can do to ensure that these APIs are run safely with user consent.

Doug


On May 21, 2010, at 8:28 AM, Brian LeRoux wrote:

> You bring up a valuable point Doug and the root of our thinking w/
> PhoneGap. The API's we're talking about are often in the context of
> installable web apps like Mobile Web Applications and Widgets (though
> now Google Chrome is about to blur that line).
> 
> Ultimately, I still feel the API to certain data and sensors should be
> divorced from the permissions that dictate its use (and perhaps
> discoverability). The days of the web being a second class development
> platform wane. It is our job to figure out the best ways to keep the
> web secure, while remaining accessible, and not at the expense of
> limiting the platform.
> 
> ALL of these APIs have significant and problematic implications for
> privacy. I'm sure everyone here has taken a photo with their phone
> they would prefer to keep on the phone let alone share their mac
> address!
> 
> 
> On Thu, May 20, 2010 at 10:22 PM, Doug Turner <dougt@dougt.org> wrote:
>> yup, fair enough.  :-)
>> 
>> sending a mac address to a site is dangerous as it allows the site to always know who the client is and the client can't do anything about it.
>> 
>> I think in general that is a bad thing for the people on the web, but maybe widgets have a need for something like this.
>> 
>> Is any UA seriously considering exposing this API to the web without some sort of notification to the user that the requesting website is requesting something that is more privileged than normal?
>> 
>> I could imagine the API being useful for some sort of mobile widget that exposes your current network setting, etc.
>> 
>> Doug
>> 
> 
> 

Received on Friday, 21 May 2010 15:53:50 UTC