W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2009

Re: Additional security and privacy considerations?

From: Alissa Cooper <acooper@cdt.org>
Date: Fri, 5 Jun 2009 11:11:16 -0400
Cc: public-geolocation <public-geolocation@w3.org>
Message-Id: <2F4A003D-6620-4DA4-9DC7-2FFDC10658E7@cdt.org>
To: Andrei Popescu <andreip@google.com>
One more thought on this:

> //-------------------------------------------------------
> Additional implementation consideration
> This section is non-normative
> Further to the requirements listed in the previous section,
> implementors of the Geolocation API are also advised to consider the
> following aspects that may negatively affect the privacy of their
> users: in certain cases, users may inadvertently grant permission to
> the User Agent to disclose their location to Web sites. In other
> cases, the content hosted at a certain URL changes in such a way that
> the previously granted location permissions no longer apply as far as
> a user is concerned. Or the users might simply change their mind.
> While predicting or preventing these situations is inherently
> difficult, mitigation and in-depth defensive measures are an
> implementation responsibility and not prescribed by this
> specification. In designing these measures, implementers are advised
> to enable user awareness of location sharing, and to provide easy
> access to interfaces that enable revocation of permissions, even when
> users have previously granted authorization.
> //-------------------------------------------------------

Would it be possible to say "revocation of global and per-origin  
permissions" in the last sentence? The first paragraph alludes to user  
concerns about specific sites, but I think it's worth making explicit  
that permission revocation should be thought of as a per-origin  
control in addition to a global control. Once I've authorized 100  
sites, I shouldn't have to de-authorize them all just because I stop  
trusting one of them.

Received on Friday, 5 June 2009 15:11:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:50:56 UTC