Re: w/r/t Privacy


On Tue, Nov 4, 2008 at 2:07 PM, Kartikaya Gupta
<> wrote:
> On Tue, 4 Nov 2008 13:05:42 +0000, Andrei Popescu <> wrote:
>> But this is the exact opposite of
>> Greg's argument! So, in effect, you make the case for the Geolocation
>> API spec *not enforcing* a particular privacy mechanism.
> I guess you could see it that way. My point was more that for a platform that already provides Geopriv privacy prompts to the user, the only UI that would be consistent for the web case is the same Geopriv privacy prompt. However, since passing those Geopriv usage rules to the web page doesn't in any way guarantee that they will be used, it would be misleading to the user to display that Geopriv privacy prompt (since it comes with the implicit expectation that those rules will be followed).

Indeed, it appears so.

> So in effect users of that platform are screwed either way. The either get an inconsistent UI that will be confusing, or are misled as to what will happen with their data.

Ah, with this I disagree. What you are saying is true only for the case where:

1. The platform implements a mechanism that misleads the users about
what will happen to their data,
2. The Web UA on the same platform decides to implement a different mechanism.

But how about a case where the platform implements a privacy mechanism
that is not misleading? In such a case, the UA will implement / use
the same mechanism, which is both not misleading and not confusing :)
So the point I am trying to make is that the Geolocation specification
should allow an implementation to make its own choices, essentially
making it possible for UAs to actually achieve the optimal
non-misleading and non-confusing scenario.

> So in a way, yes, this API will undermine platform-based attempts at providing fine-grained control over privacy, regardless of whether they are based on Geopriv or something else.

Again, this holds true only if "users are screwed anyway". But I think
that's false, as demonstrated above.

>This isn't the fault of the spec per se, but is just an artifact of how the web works - there's no way to enforce that the usage rules actually get followed.

IMHO, this is an artifact of how such policy based rules work (if
indeed this is how the system in question works), not of how the Web

> Given the choice between confusing users and misleading users, it seems that CDT is advocating the "misleading users" approach and everybody else is advocating the "confusing users" approach. Both seem pretty bad to me, but I can't think of any other solution that makes sense either.

How about the third alternative, which has been suggested several
times in various threads: allowing for the implementation to pick the
best choice for their users?


Received on Tuesday, 4 November 2008 14:50:51 UTC