RE: Geolocation: Security and Privacy from Alec Berntson on 2008-06-09 (public-geolocation@w3.org from June 2008)

From: Alec Berntson <alecb@windows.microsoft.com>
Date: Mon, 9 Jun 2008 11:19:57 -0700
To: Doug Schepers <schepers@w3.org>
CC: "public-geolocation@w3.org" <public-geolocation@w3.org>
Message-ID: <D8939A2F7A8C124ABE6075E08C52CDCA03FF2E79@TK5-EXMBX-W603v.wingroup.windeploy.ntd>

If you were comfortable giving the site access for a session, you would probably be OK with it having access for longer. The browser should make it easy to revoke that permission, so the user could give permanent access, and then take it away when they are done. Or a session could be re-defined to be a duration of time, rather than a log-on/log off type approach.

Instead of dictating the UI, the API could required a requested accuracy as a parameter when it asks for data, and the browser can manage that through whatever UI it feels is appropriate (such as the UI in [AZALOC] from http://dev.w3.org/geo/api/spec-source.html)

-----Original Message-----
From: Doug Schepers [mailto:schepers@w3.org]
Sent: Sunday, June 08, 2008 5:52 PM
Cc: public-geolocation@w3.org
Subject: Re: Geolocation: Security and Privacy

Hi, Alec-

Alec Berntson wrote (on 6/6/08 2:32 PM):
>
> Least privilege
>     The user should be given the option to allow access to a page (or domain) for
>        Just this once
>        Just this session
>        Always

Along the same lines, we might consider the temporal aspect.  Do we want
an app to be able to track us over a period of time, such as for
driving/walking directions?  I guess that would be covered by session,
most likely... but there might be use cases that a mere session might
not deal with.

>     Data 'fuzzing'
>        User can control how much resolution to give to a page
>        Add noise to the data if more accurate information is available than is requested

A UI might wish to allow a user to set a preference based on
precision... someone might not mind a known (or even unknown)
page/webapp/widget to access their location within, say a few
kilometers... but would want to be alerted if it tried to get a more
precise fix than that.

However, I am reluctant to dictate too much along the lines of UI
features... traditionally, that's been mostly left to the UA to decide.
  It's always a delicate balance between security and annoyance.

Regards-
-Doug Schepers
W3C Team Contact, SVG, CDF, and WebAPI

Received on Monday, 9 June 2008 18:20:45 UTC