- From: Nick Doty <npdoty@ischool.berkeley.edu>
- Date: Sun, 12 Apr 2009 18:10:39 -0400
- To: Doug Turner <doug.turner@gmail.com>
- Cc: Henning Schulzrinne <hgs@cs.columbia.edu>, Andrei Popescu <andreip@google.com>, public-geolocation@w3.org
- Message-Id: <F9C3B307-440A-4B15-A37B-3F8763F7CCB2@ischool.berkeley.edu>
I certainly recognize the concern from the UA side; I'm just hopeful we can find some balance to help users make an informed decision. It seems like there are a number of cases where UAs do show site content in the browser UI, even though that content might be false or misleading. Offhand, I can think of Javascript alerts, the <title> element, self-signed certificates and the status bar (though I guess window.status is often disabled by default these days). And as was mentioned earlier, Google Gears had a custom UI with a message from the site, and I suspect most people couldn't distinguish Google Gears UI from the browser UI. It seems to me that there's a trade-off here, and I just happen to think that the risk of adding one more piece of site-generated content into the browser UI is worthwhile, since I think it's a dangerous precedent for users to make decisions about revealing personal information without context of how the information will be kept and used. Could UAs mitigate the risk by making it very explicit that this is content from the site and isn't verified? (I believe this is how self-signed certificates are handled.) Or perhaps free-form text is really the problem for dangerously misleading users: what if structured fields were used (like a boolean re-transmission and date for retention, as was suggested by geopriv) rather than an arbitrary string from the requesting site? That way a malicious site couldn't use the browser chrome for expansive phishing purposes, they would only be misrepresenting a couple of properties of their privacy policy. [Response on a website using its own UI on the other fork of this thread. Sorry, there's a lot to respond to here.] Thanks for all the feedback, Nick On Apr 8, 2009, at 12:46 PM, Doug Turner wrote: > I think that the point is UAs do a lot of work to only provide > factual text in UI. Allowing any site to declare its usage and not > have any way for UAs to verify and enforce this assertion will lead > us to a place where the browser chrome is less trusted; and that is > something we aren't going to do. > > Furthermore, websites can provide UI, via content, before the > security dialog appears if they wanted to. There are existing > examples of this on the web. > > Doug > > > > On Apr 8, 2009, at 8:00 AM, Henning Schulzrinne wrote: > >> I don't understand that this is a real problem; a simple >> >> "The site you are visiting is providing the following usage >> information:" >> >> makes it clear that this is provided by the web site, not a third >> party. Particularly on small form factor mobile devices, trying to >> find this information will be hard, particularly since the pop up >> asking may well be modal, so that the user can't do anything except >> click on something. >> >>> >>> >> >>> +1. I understand that putting the explanatory text into the >>> browser's >>> permission dialog widget may provide more context for the user's >>> decision but the risk outweighs the advantage, IMHO. >>> >>> Note that in our privacy section we strongly encourage web sites to >>> disclose this information anyway. The proposed wording (thanks to >>> Alissa and others) is >>> >>> "Recipients must clearly and conspicuously disclose the fact that >>> they >>> are collecting location data, the purpose for the collection (...)" >>> >>> Please see >>> >>> http://lists.w3.org/Archives/Public/public-geolocation/2009Apr/0036.html >>> >>> for the full discussion. >>> >>> Thanks, >>> Andrei >>> >>> >> >
Received on Sunday, 12 April 2009 22:11:37 UTC