- From: Alissa Cooper <acooper@cdt.org>
- Date: Fri, 5 Jun 2009 11:11:16 -0400
- To: Andrei Popescu <andreip@google.com>
- Cc: public-geolocation <public-geolocation@w3.org>

One more thought on this:

> //-------------------------------------------------------
> Additional implementation consideration
>
> This section is non-normative
>
> Further to the requirements listed in the previous section,
> implementors of the Geolocation API are also advised to consider the
> following aspects that may negatively affect the privacy of their
> users: in certain cases, users may inadvertently grant permission to
> the User Agent to disclose their location to Web sites. In other
> cases, the content hosted at a certain URL changes in such a way that
> the previously granted location permissions no longer apply as far as
> a user is concerned. Or the users might simply change their mind.
>
> While predicting or preventing these situations is inherently
> difficult, mitigation and in-depth defensive measures are an
> implementation responsibility and not prescribed by this
> specification. In designing these measures, implementers are advised
> to enable user awareness of location sharing, and to provide easy
> access to interfaces that enable revocation of permissions, even when
> users have previously granted authorization.
> //-------------------------------------------------------

Would it be possible to say "revocation of global and per-origin permissions" in the last sentence? The first paragraph alludes to user concerns about specific sites, but I think it's worth making explicit that permission revocation should be thought of as a per-origin control in addition to a global control. Once I've authorized 100 sites, I shouldn't have to de-authorize them all just because I stop trusting one of them.

Alissa

Received on Friday, 5 June 2009 15:11:56 UTC