- From: Erik Wilde <dret@berkeley.edu>
- Date: Mon, 15 Jun 2009 09:05:57 -0700
- To: "public-geolocation@w3.org" <public-geolocation@w3.org>
hello doug. Doug Turner wrote: > Mobile Safari (Greg can confirm), Google Gears (including Android), and > Firefox 3.5 do not restrict device apis to TLD -- IFRAMEs are allowed to > access each geolocation. I suggested we consider restricting these > sorts of APIs at the Device Security Workgroup back in December. It was > more of a strawman position I took to get feedback, and much of the > feedback was considerations around what we would break. just confirming to understand what's going on: this means when a site is granted access to location, all 3rd parties behind it will have access to the user's location as well, right? given the current coverage of the few major 3rd party trackers, that means that effectively, users will become traceable via the majority of the web sites they're interacting with. my guess is that this kind of behavioral profiling will raise more than a few eyebrows, plus it may simply be illegal in non-american jurisdictions with a heavier emphasis on privacy protection (europe comes to mind). i am not a legal expert, but maybe somebody with a better understanding of the legal landscape could give their opinion about the chances of this becoming a legal stumbling block for the API. cheers, dret. ps: http://knowprivacy.org/ contains some interesting statistics about 3rd party coverage of popular sites and privacy issues related to that; http://www2009.org/proceedings/pdf/p541.pdf is an interesting paper from the recent WWW2009 conference about the same issue.
Received on Monday, 15 June 2009 16:06:41 UTC