- From: John Morris <jmorris@cdt.org>
- Date: Wed, 29 Oct 2008 00:04:01 -0400
- To: "Aaron Boodman" <aa@google.com>
- Cc: "Doug Turner" <doug.turner@gmail.com>, "Thomson, Martin" <Martin.Thomson@andrew.com>, "Jon Ferraiolo" <jferrai@us.ibm.com>, "Andrei Popescu" <andreip@google.com>, public-geolocation <public-geolocation@w3.org>
Aaron, my response to Ian tries to explain why I think it is a bad idea to rely simply on the good faith of the browser makers..... John At 7:39 PM -0700 10/28/08, Aaron Boodman wrote: >On Tue, Oct 28, 2008 at 5:52 PM, John Morris <jmorris@cdt.org> wrote: >> According to the charter, the objective of this WG is "to define a SECURE >> AND PRIVACY-SENSITIVE INTERFACE for using client-side location information >> in location-aware Web applications." To simply assert in a spec that any >> implementation MUST take privacy into account while being silent on HOW to >> do so accomplishes nothing, and will do absolutely nothing to change the >> norm - which is to wholly ignore privacy. It is crystal clear from both the >> charter and the list discussion that that the spec being proposed will be >> used in broad diversity of use cases (not just manual user input of >> location), and simply waiving a privacy wand over the whole effort does not >> constitute a "secure and privacy-sensitive interface." It constitutes >> business-as-usual by leaving privacy for someone else to worry about (and >> ultimately for the end user to lose out on). > >This spec is intended to be implemented primarily by web browsers. I >don't see what reason there is to believe that web browser developers >would ignore privacy. In fact, as far as I'm aware, all current >implementations require user permission before divulging location to >applications. This makes sense since any browser which abused users' >privacy would quickly lose them. > >- a
Received on Wednesday, 29 October 2008 04:04:46 UTC