W3C home > Mailing lists > Public > public-geolocation@w3.org > April 2009

Re: Intended usage notification

From: Nick Doty <npdoty@ischool.berkeley.edu>
Date: Sun, 12 Apr 2009 18:10:39 -0400
Cc: Henning Schulzrinne <hgs@cs.columbia.edu>, Andrei Popescu <andreip@google.com>, public-geolocation@w3.org
Message-Id: <F9C3B307-440A-4B15-A37B-3F8763F7CCB2@ischool.berkeley.edu>
To: Doug Turner <doug.turner@gmail.com>
I certainly recognize the concern from the UA side; I'm just hopeful  
we can find some balance to help users make an informed decision.

It seems like there are a number of cases where UAs do show site  
content in the browser UI, even though that content might be false or  
misleading.  Offhand, I can think of Javascript alerts, the <title>  
element, self-signed certificates and the status bar (though I guess  
window.status is often disabled by default these days).  And as was  
mentioned earlier, Google Gears had a custom UI with a message from  
the site, and I suspect most people couldn't distinguish Google Gears  
UI from the browser UI.

It seems to me that there's a trade-off here, and I just happen to  
think that the risk of adding one more piece of site-generated content  
into the browser UI is worthwhile, since I think it's a dangerous  
precedent for users to make decisions about revealing personal  
information without context of how the information will be kept and  
used.  Could UAs mitigate the risk by making it very explicit that  
this is content from the site and isn't verified?  (I believe this is  
how self-signed certificates are handled.)

Or perhaps free-form text is really the problem for dangerously  
misleading users: what if structured fields were used (like a boolean  
re-transmission and date for retention, as was suggested by geopriv)  
rather than an arbitrary string from the requesting site?  That way a  
malicious site couldn't use the browser chrome for expansive phishing  
purposes, they would only be misrepresenting a couple of properties of  
their privacy policy.

[Response on a website using its own UI on the other fork of this  
thread.  Sorry, there's a lot to respond to here.]

Thanks for all the feedback,

On Apr 8, 2009, at 12:46 PM, Doug Turner wrote:

> I think that the point is UAs do a lot of work to only provide  
> factual text in UI.  Allowing any site to declare its usage and not  
> have any way for UAs to verify and enforce this assertion will lead  
> us to a place where the browser chrome is less trusted; and that is  
> something we aren't going to do.
> Furthermore, websites can provide UI, via content, before the  
> security dialog appears if they wanted to.  There are existing  
> examples of this on the web.
> Doug
> On Apr 8, 2009, at 8:00 AM, Henning Schulzrinne wrote:
>> I don't understand that this is a real problem; a simple
>> "The site you are visiting is providing the following usage  
>> information:"
>> makes it clear that this is provided by the web site, not a third  
>> party. Particularly on small form factor mobile devices, trying to  
>> find this information will be hard, particularly since the pop up  
>> asking may well be modal, so that the user can't do anything except  
>> click on something.
>>> +1. I understand that putting the explanatory text into the  
>>> browser's
>>> permission dialog widget may provide more context for the user's
>>> decision but the risk outweighs the advantage, IMHO.
>>> Note that in our privacy section we strongly encourage web sites to
>>> disclose this information anyway. The proposed wording (thanks to
>>> Alissa and others) is
>>> "Recipients must clearly and conspicuously disclose the fact that  
>>> they
>>> are collecting location data, the purpose for the collection (...)"
>>> Please see
>>> http://lists.w3.org/Archives/Public/public-geolocation/2009Apr/0036.html
>>> for the full discussion.
>>> Thanks,
>>> Andrei

Received on Sunday, 12 April 2009 22:11:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:50:54 UTC