W3C home > Mailing lists > Public > public-geolocation@w3.org > October 2008

RE: wording for the privacy section

From: Thomson, Martin <Martin.Thomson@andrew.com>
Date: Tue, 28 Oct 2008 21:17:42 -0500
Message-ID: <E51D5B15BFDEFD448F90BDD17D41CFF105072EF5@AHQEX1.andrew.com>
To: "Ian Hickson" <ian@hixie.ch>, "John Morris" <jmorris@cdt.org>
Cc: "public-geolocation" <public-geolocation@w3.org>
Hi Ian,

I think that you might have misinterpreted John's use of the word "developer".  In the web context, it's so often used to refer to site developers that you tend to forget that "developer" also applies to folks like Doug, who build the API in browsers.  I'll let John correct me, but developer in this context refers to both.

Cheers,
Martin

> -----Original Message-----
> From: Ian Hickson [mailto:ian@hixie.ch]
> Sent: Wednesday, 29 October 2008 12:08 PM
> To: John Morris
> Cc: Doug Turner; Thomson, Martin; Jon Ferraiolo; Andrei Popescu;
> public-geolocation
> Subject: Re: wording for the privacy section
> 
> On Tue, 28 Oct 2008, John Morris wrote:
> >
> > According to the charter, the objective of this WG is "to define a
> > SECURE AND PRIVACY-SENSITIVE INTERFACE for using client-side location
> > information in location-aware Web applications."  To simply assert in
> a
> > spec that any implementation MUST take privacy into account while
> being
> > silent on HOW to do so accomplishes nothing, and will do absolutely
> > nothing to change the norm - which is to wholly ignore privacy.
> 
> I think what we need is an API that is the JS equivalent of the API in
> the
> iPhone OS stack, which is privacy-sensitive in exactly the same opaque
> way. Do you think that the iPhone implementation is insecure?
> 
> 
> > [...] the output of [the geopriv] group is a standard that seeks to
> > FORCE developers to deal directly with privacy (or to consciously
> choose
> > to ignore privacy by ignoring an essential element of the IETF
> > standard).
> 
> Having the developers have to worry about privacy is a lost cause,
> IMHO,
> especially in the Web space where the developers are actively hostile
> in
> many cases. Much better to put this in the hands of the user, under the
> control of the user agent. The UA is trusted software already, and
> there
> are very few UA implementors relative to the number of site
> implementors,
> so it is far easier to get it right at that level.
> 
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.
> fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._
> ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-
> .;.'

------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]
Received on Wednesday, 29 October 2008 02:18:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:50:52 UTC