- From: Doug Turner <doug.turner@gmail.com>
- Date: Wed, 29 Oct 2008 09:59:38 -0700
- To: Jon Ferraiolo <jferrai@us.ibm.com>
- Cc: "Aaron Boodman" <aa@google.com>, "Andrei Popescu" <andreip@google.com>, "John Morris" <jmorris@cdt.org>, "Thomson, Martin" <Martin.Thomson@andrew.com>, public-geolocation <public-geolocation@w3.org>
- Message-Id: <D1975C8E-7904-4FA7-A81E-D2E7070D26B1@gmail.com>
I am one of those in the "few others" that totally agree with Jon, Ian, and Aaron. On Oct 29, 2008, at 9:52 AM, Jon Ferraiolo wrote: > I agree with Ian and Aaron (and probably a few others) that > implementation of security and privacy protection should be left to > the "user agent", which in practice usually will consist of the > browser team, the device manufacturer and the operator working > together. All three of these organizations have strong motivation to > implement strong security and privacy protection (for both legal and > commercial reasons). Browser today already include many features to > address security and privacy concerns. The user agent teams will be > sensitive to their needs to add location support in a manner that > doesn't cause trouble to users or themselves. > > In terms of meeting the charter requirement "to define a SECURE AND > PRIVACY-SENSITIVE INTERFACE", my view is that it would be sufficient > to include fuzzy language in the specification that says that the > user agent MUST or SHOULD include a security manager component that > provides appropriate security and privacy protection to the end user. > > Jon > > > <graycol.gif>"Aaron Boodman" <aa@google.com> > > > "Aaron Boodman" <aa@google.com> > 10/28/2008 07:39 PM > > <ecblank.gif> > To > <ecblank.gif> > "John Morris" <jmorris@cdt.org> > <ecblank.gif> > cc > <ecblank.gif> > "Doug Turner" <doug.turner@gmail.com>, "Thomson, Martin" <Martin.Thomson@andrew.com > >, Jon Ferraiolo/Menlo Park/IBM@IBMUS, "Andrei Popescu" <andreip@google.com > >, public-geolocation <public-geolocation@w3.org> > <ecblank.gif> > Subject > <ecblank.gif> > Re: wording for the privacy section > <ecblank.gif> <ecblank.gif> > > On Tue, Oct 28, 2008 at 5:52 PM, John Morris <jmorris@cdt.org> wrote: > > According to the charter, the objective of this WG is "to define a > SECURE > > AND PRIVACY-SENSITIVE INTERFACE for using client-side location > information > > in location-aware Web applications." To simply assert in a spec > that any > > implementation MUST take privacy into account while being silent > on HOW to > > do so accomplishes nothing, and will do absolutely nothing to > change the > > norm - which is to wholly ignore privacy. It is crystal clear > from both the > > charter and the list discussion that that the spec being proposed > will be > > used in broad diversity of use cases (not just manual user input of > > location), and simply waiving a privacy wand over the whole effort > does not > > constitute a "secure and privacy-sensitive interface." It > constitutes > > business-as-usual by leaving privacy for someone else to worry > about (and > > ultimately for the end user to lose out on). > > This spec is intended to be implemented primarily by web browsers. I > don't see what reason there is to believe that web browser developers > would ignore privacy. In fact, as far as I'm aware, all current > implementations require user permission before divulging location to > applications. This makes sense since any browser which abused users' > privacy would quickly lose them. > > - a >
Attachments
- text/html attachment: stored
- image/gif attachment: pic06199.gif
Received on Wednesday, 29 October 2008 17:00:19 UTC