- From: Andrei Popescu <andreip@google.com>
- Date: Fri, 5 Jun 2009 17:02:52 +0100
- To: Alissa Cooper <acooper@cdt.org>
- Cc: public-geolocation <public-geolocation@w3.org>
Hi Alissa,

On Fri, Jun 5, 2009 at 4:11 PM, Alissa Cooper<acooper@cdt.org> wrote:
> One more thought on this:
>
>> //-------------------------------------------------------
>> Additional implementation consideration
>>
>> This section is non-normative
>>
>> Further to the requirements listed in the previous section,
>> implementors of the Geolocation API are also advised to consider the
>> following aspects that may negatively affect the privacy of their
>> users: in certain cases, users may inadvertently grant permission to
>> the User Agent to disclose their location to Web sites. In other
>> cases, the content hosted at a certain URL changes in such a way that
>> the previously granted location permissions no longer apply as far as
>> a user is concerned. Or the users might simply change their mind.
>>
>> While predicting or preventing these situations is inherently
>> difficult, mitigation and in-depth defensive measures are an
>> implementation responsibility and not prescribed by this
>> specification. In designing these measures, implementers are advised
>> to enable user awareness of location sharing, and to provide easy
>> access to interfaces that enable revocation of permissions, even when
>> users have previously granted authorization.
>> //-------------------------------------------------------
>
> Would it be possible to say "revocation of global and per-origin
> permissions" in the last sentence? The first paragraph alludes to user
> concerns about specific sites, but I think it's worth making explicit that
> permission revocation should be thought of as a per-origin control in
> addition to a global control. Once I've authorized 100 sites, I shouldn't
> have to de-authorize them all just because I stop trusting one of them.
>

What are "global permissions"? The permissions must be per-origin, as
stated in the normative privacy section.

Thanks,
Andrei
Received on Friday, 5 June 2009 16:03:28 UTC