- From: Andrei Popescu <andreip@google.com>
- Date: Tue, 4 Nov 2008 14:49:44 +0000
- To: Kartikaya Gupta <lists.geolocation@stakface.com>
- Cc: Greg Bolsinga <bolsinga@apple.com>, public-geolocation <public-geolocation@w3.org>
Hello, On Tue, Nov 4, 2008 at 2:07 PM, Kartikaya Gupta <lists.geolocation@stakface.com> wrote: > On Tue, 4 Nov 2008 13:05:42 +0000, Andrei Popescu <andreip@google.com> wrote: > >> But this is the exact opposite of >> Greg's argument! So, in effect, you make the case for the Geolocation >> API spec *not enforcing* a particular privacy mechanism. >> > > I guess you could see it that way. My point was more that for a platform that already provides Geopriv privacy prompts to the user, the only UI that would be consistent for the web case is the same Geopriv privacy prompt. However, since passing those Geopriv usage rules to the web page doesn't in any way guarantee that they will be used, it would be misleading to the user to display that Geopriv privacy prompt (since it comes with the implicit expectation that those rules will be followed). Indeed, it appears so. > So in effect users of that platform are screwed either way. The either get an inconsistent UI that will be confusing, or are misled as to what will happen with their data. Ah, with this I disagree. What you are saying is true only for the case where: 1. The platform implements a mechanism that misleads the users about what will happen to their data, 2. The Web UA on the same platform decides to implement a different mechanism. But how about a case where the platform implements a privacy mechanism that is not misleading? In such a case, the UA will implement / use the same mechanism, which is both not misleading and not confusing :) So the point I am trying to make is that the Geolocation specification should allow an implementation to make its own choices, essentially making it possible for UAs to actually achieve the optimal non-misleading and non-confusing scenario. > So in a way, yes, this API will undermine platform-based attempts at providing fine-grained control over privacy, regardless of whether they are based on Geopriv or something else. Again, this holds true only if "users are screwed anyway". But I think that's false, as demonstrated above. >This isn't the fault of the spec per se, but is just an artifact of how the web works - there's no way to enforce that the usage rules actually get followed. IMHO, this is an artifact of how such policy based rules work (if indeed this is how the system in question works), not of how the Web works. > > Given the choice between confusing users and misleading users, it seems that CDT is advocating the "misleading users" approach and everybody else is advocating the "confusing users" approach. Both seem pretty bad to me, but I can't think of any other solution that makes sense either. > How about the third alternative, which has been suggested several times in various threads: allowing for the implementation to pick the best choice for their users? Thanks, Andrei
Received on Tuesday, 4 November 2008 14:50:51 UTC