Re: Intended usage notification from Doug Turner on 2009-03-26 (public-geolocation@w3.org from March 2009)

From: Doug Turner <doug.turner@gmail.com>
Date: Thu, 26 Mar 2009 13:47:25 -0700
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
Cc: <public-geolocation@w3.org>
Message-Id: <89020B60-B35F-43C4-9DE3-3B508708C116@gmail.com>

Hi Martin,

Bad sites will lie, a few will probably do the "right" thing, and  
everyone else will just be confused.  Can't sites just use existing  
APIs to keep the user informed of what they are trying to do?

Doug

On Mar 26, 2009, at 1:39 PM, Thomson, Martin wrote:

> I'd like to suggest a change that would require specification.  It  
> just occurred to me that the notification mechanism is lacking.
>
> Currently, when a site (or page) acquires location information, the  
> typical user interface explains that the site wants location and  
> offers the user an option: yes/no.  This notification does not  
> provide sufficient additional information for the user to make an  
> informed decision.
>
> I have no concrete suggestion, so consider this as requirements  
> input.  Maybe this can be entered as an issue.
>
> When asked, the user needs to rely on information from the site to  
> make this decision, information that might only be available from a  
> linked privacy policy, or from the context of the page, or something  
> else.
>
> If the site were able to provide a small snippet of information that  
> could be provided by the browser alongside its prompt:
>
> The site http://example.com/ wants to use this information for the  
> following purpose:
>   "We need your location so that we can find services near you."
> or    "Your wife thinks that you are cheating her, we're tracking  
> you at her request."
> or    "We are tracking your whereabouts because we think you are a  
> drug dealer."
> Allow this request: [ yes ] [ no ].  [x] Remember this choice.
>
> Maybe this could also allow a link to the site privacy policy as it  
> applies to location.
>
> A second notification would be required if the description of the  
> usage changes at all.  This would allow sites to partition their  
> usage and would allow UAs to restrict usage to those that are  
> important to it.
>
> In anticipation of the expected response to this - I don't expect  
> that multiple notifications will be common - such a thing would  
> badly damage user experience.
>
> Such a thing would be quite useful to establish user expectations.   
> This could help with the privacy story.
>
> Cheers,
> Martin
>
> ------------------------------------------------------------------------------------------------
> This message is for the designated recipient only and may
> contain privileged, proprietary, or otherwise private information.
> If you have received it in error, please notify the sender
> immediately and delete the original.  Any unauthorized use of
> this email is prohibited.
> ------------------------------------------------------------------------------------------------
> [mf2]

Received on Thursday, 26 March 2009 20:48:17 UTC