Re: w/r/t Privacy

On Tue, 4 Nov 2008 13:05:42 +0000, Andrei Popescu <> wrote:
> IMHO, it wasn't flawed. It seems to me that your argument is based on
> the implicit but false premise that the Greg advocated a simple
> allow/don't allow permission dialog.

You're right, that is the premise my argument was based upon, and it may be false. I may have misinterpreted when he said "If they are presented with more options than allow or don't allow ... [bad stuff will happen]". To me that sounded like he was advocating the simple dialog approach.

> But this is the exact opposite of
> Greg's argument! So, in effect, you make the case for the Geolocation
> API spec *not enforcing* a particular privacy mechanism.

I guess you could see it that way. My point was more that for a platform that already provides Geopriv privacy prompts to the user, the only UI that would be consistent for the web case is the same Geopriv privacy prompt. However, since passing those Geopriv usage rules to the web page doesn't in any way guarantee that they will be used, it would be misleading to the user to display that Geopriv privacy prompt (since it comes with the implicit expectation that those rules will be followed). So in effect users of that platform are screwed either way. The either get an inconsistent UI that will be confusing, or are misled as to what will happen with their data. The same is true of any platform that attempts to provide more fine-grained control over privacy data than this spec allows/will allow.

So in a way, yes, this API will undermine platform-based attempts at providing fine-grained control over privacy, regardless of whether they are based on Geopriv or something else. This isn't the fault of the spec per se, but is just an artifact of how the web works - there's no way to enforce that the usage rules actually get followed. (Aside: the UA may be able to enforce that the rules are read by throwing an exception if the position data object is accessed before the usage rules object, but that seems analogous to the useless click-through licenses you find everywhere, and still doesn't guarantee that the rules will actually be followed).

Given the choice between confusing users and misleading users, it seems that CDT is advocating the "misleading users" approach and everybody else is advocating the "confusing users" approach. Both seem pretty bad to me, but I can't think of any other solution that makes sense either.


Received on Tuesday, 4 November 2008 14:15:13 UTC