- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 23 Oct 2008 20:23:44 +0000 (UTC)
- To: John Morris <jmorris@cdt.org>
- Cc: public-geolocation@w3.org, Alissa Cooper <acooper@cdt.org>
On Thu, Oct 23, 2008 at 7:36 PM, John Morris <jmorris@cdt.org> wrote: > > Based on the initial spec, it appears that the privacy of the location > information conveyed in accordance with the spec is being treated > separately from the conveyance of the information itself. Some of the > list discussions suggest that that privacy controls associated with the > location information should be handled independently by the UI. And, as > the privacy and security considerations section of the spec is blank, > we're guessing that privacy controls are assumed to be handled elsewhere > or at best later. Could you elaborate on the exact scenario through which a user's privacy can be violated? As I understand it, the user has full control over whether a site has access to this information or not, and would thus only give the information to a site that the user trusts to not abuse the information. If the user doesn't trust the site not to abuse the information, then it doesn't matter what privacy theory is passed along with the location, the site can't be trusted to make abuse it (by definition). This seems equivalent to all other private information a user gives a site access to, such as credit card details, social security numbers, preferences, etc. The information is held under the terms of the site's privacy policy, and the user makes a decision as to whether to provide the information based on whether they trust the site operator or not. If you could provide a concrete example of a scenario that involves a privacy violation that you are concerned about that would be very helpful. Cheers, -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 23 October 2008 20:24:21 UTC