
Re: Additional security and privacy considerations?

From: Andrei Popescu <andreip@google.com>
Date: Fri, 5 Jun 2009 17:02:52 +0100
Message-ID: <708552fb0906050902l616ed80dqca7313880d152e2a@mail.gmail.com>
To: Alissa Cooper <acooper@cdt.org>
Cc: public-geolocation <public-geolocation@w3.org>

Hi Alissa,

On Fri, Jun 5, 2009 at 4:11 PM, Alissa Cooper<acooper@cdt.org> wrote:
> One more thought on this:
>
>> //-------------------------------------------------------
>> Additional implementation consideration
>>
>> This section is non-normative
>>
>> Further to the requirements listed in the previous section,
>> implementors of the Geolocation API are also advised to consider the
>> following aspects that may negatively affect the privacy of their
>> users: in certain cases, users may inadvertently grant permission to
>> the User Agent to disclose their location to Web sites. In other
>> cases, the content hosted at a certain URL changes in such a way that
>> the previously granted location permissions no longer apply as far as
>> a user is concerned. Or the users might simply change their mind.
>>
>> While predicting or preventing these situations is inherently
>> difficult, mitigation and in-depth defensive measures are an
>> implementation responsibility and not prescribed by this
>> specification. In designing these measures, implementers are advised
>> to enable user awareness of location sharing, and to provide easy
>> access to interfaces that enable revocation of permissions, even when
>> users have previously granted authorization.
>> //-------------------------------------------------------
>
> Would it be possible to say "revocation of global and per-origin
> permissions" in the last sentence? The first paragraph alludes to user
> concerns about specific sites, but I think it's worth making explicit that
> permission revocation should be thought of as a per-origin control in
> addition to a global control. Once I've authorized 100 sites, I shouldn't
> have to de-authorize them all just because I stop trusting one of them.
>

What are "global permissions"? The permissions must be per-origin, as
stated in the normative privacy section.

Thanks,
Andrei
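To make the per-origin point concrete, here is an added illustration (not part of this thread and not the Geolocation specification's own code): a hypothetical user-agent permission store that keys grants by origin (scheme, host, port, as in RFC 6454), so that revoking one site's grant leaves the other grants untouched, while a "global" revocation simply clears every origin at once. The URLs and the LocationPermissions class are constructed for the example.

```python
from urllib.parse import urlsplit

# Default ports per scheme, so that https://a.test/ and https://a.test:443/ are one origin.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> str:
    """Reduce an absolute URL to its origin string scheme://host:port."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"not an absolute URL: {url!r}")
    scheme = parts.scheme.lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    if port is None:
        raise ValueError(f"no default port known for scheme {scheme!r}")
    return f"{scheme}://{parts.hostname.lower()}:{port}"


class LocationPermissions:
    """Hypothetical user-agent store of geolocation grants, keyed by origin (constructed example)."""

    def __init__(self):
        self._granted = set()

    def grant(self, url):
        self._granted.add(origin_of(url))

    def is_granted(self, url):
        return origin_of(url) in self._granted

    def revoke_origin(self, url):
        """Per-origin control: withdraw one site's grant and leave the others intact."""
        self._granted.discard(origin_of(url))

    def revoke_all(self):
        """Global control: withdraw every grant at once."""
        self._granted.clear()

    def granted_origins(self):
        return sorted(self._granted)


def demo():
    store = LocationPermissions()
    for u in ["https://maps.example/route", "https://shop.example/", "http://news.example/"]:
        store.grant(u)
    assert store.is_granted("https://maps.example/other/page")  # same origin, any path
    assert not store.is_granted("http://maps.example/")          # same host, other scheme
    store.revoke_origin("https://shop.example/anything")         # only shop.example is dropped
    return store.granted_origins()


if __name__ == "__main__":
    print(demo())
```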
Received on Friday, 5 June 2009 16:03:28 UTC
