Re: Geopriv compromise proposal

Hi Rigo,

On Tue, Jun 16, 2009 at 8:53 AM, Rigo Wenning<rigo@w3.org> wrote:
> On Monday 15 June 2009, Andrei Popescu wrote:
>
>> Personally, I don't think this is needed: optional privacy-related
>> fields in the API suffer from the drawbacks explained by Ian and
>> are very likely to be ignored.
>
> Whether they will be ignored or not, is a decision by the implementer.
> And NO, this is not at all harmful in the sense that Ian Hickson
> described. I have understood the remarks differently. Ian Hickson may
> clarify. Because this would mean that you and others would consider
> P3P harmful to browsers and exposing users to risks. I have heard a
> lot of things about P3P, but not that it exposes users to higher
> risks.
>

My intent was to express doubts about optional privacy-related fields
in the API:  since some UAs will implement them and some won't, Web
sites will have to make their own privacy UIs and ignore these fields.
Furthermore, having the UA render privacy material supplied by the
website can indeed lead to erosion of the user's trust in the UA, as
described by Ian.  In fact, we have already discussed your idea back
in March and consensus was against it:

http://lists.w3.org/Archives/Public/public-geolocation/2009Mar/0131.html

>> Furthermore, the "Privacy
>> considerations for recipients of location information" section says
>> that the privacy policies applied to the location requests must be
>> disclosed "clearly and conspicuously". Web sites can do this using
>> their own UI, no need to push this into the API.
>
> You're missing the point, as interoperability would require that the
> UA as a decision point has some information about the applicable
> policy and where to find it before sending the location data.

I am sorry I am missing the point. Please bear with me, because I
think I am still missing it. What exactly are you talking about here?
The UA isn't the decision point, the user is: the user decides, not
the UA! Users make decisions about whether they trust a Web site based
on its content. A Web site communicates with its users using HTML.

> This
> sort of requirement typically is part of an API. My element would tell
> how to bind a P3P Policy to a location data request to the UA. (Or
> start a negotiation process in PRIME or PrimeLife)
>

I thought the element "doesn't have any semantics"...now you seem to
suggest that the URL parameter binds specifically to a P3P policy? How
is that not semantics? Besides, I thought P3P defines its own binding
mechanisms, in its own spec.

> Referring to the Website UI just means: "gimme the 25 pages of
> legalese per request".

Why does it have to always mean that?

> Here it is just a URI field
> with meaning "reserved for policy". I think I could provide a wording
> for the Spec..
>

Again, I think we've had this discussion before.

>  My
> suggested tag would be the opener for the world of policy without
> affecting the API for those not willing to care for privacy at all.
>

It seems you are proposing an optional URI field and those who won't
implement it == "those not willing to care for privacy at all". This
is exactly what we have discussed many times before: it is a classic
"false dilemma" and it is dangerous since it implies that everybody
who has implemented this API without the extra URI parameter doesn't
care about privacy. This is completely false, but won't prevent others
from making the same mistake as you and causing a rather big and
unfair problem for our implementers.

Thanks,
Andrei

Received on Tuesday, 16 June 2009 12:30:24 UTC