W3C home > Mailing lists > Public > public-geolocation@w3.org > March 2009

RE: Intended usage notification

From: Thomson, Martin <Martin.Thomson@andrew.com>
Date: Thu, 26 Mar 2009 16:00:52 -0500
Message-ID: <E51D5B15BFDEFD448F90BDD17D41CFF1059106AB@AHQEX1.andrew.com>
To: "Greg Bolsinga" <bolsinga@apple.com>, "Doug Turner" <doug.turner@gmail.com>
Cc: <public-geolocation@w3.org>
This is not intended to be binding, so liars will be free to do that.  

This establishes a common expectation from users.  If offers a standard way to get a message about why the notification exists in front of a user.  Otherwise, we have the case where users learn to click through with no consideration for their privacy - the warning is effectively made irrelevant.

--Martin

> -----Original Message-----
> From: Greg Bolsinga [mailto:bolsinga@apple.com]
> Sent: Thursday, 26 March 2009 1:53 PM
> To: Doug Turner
> Cc: Thomson, Martin; public-geolocation@w3.org
> Subject: Re: Intended usage notification
> 
> Doug++
> 
> On Mar 26, 2009, at 1:47 PM, Doug Turner wrote:
> 
> >
> > Hi Martin,
> >
> > Bad sites will lie, a few will probably do the "right" thing, and
> > everyone else will just be confused.  Can't sites just use existing
> > APIs to keep the user informed of what they are trying to do?
> >
> > Doug
> >
> > On Mar 26, 2009, at 1:39 PM, Thomson, Martin wrote:
> >
> >> I'd like to suggest a change that would require specification.  It
> >> just occurred to me that the notification mechanism is lacking.
> >>
> >> Currently, when a site (or page) acquires location information, the
> >> typical user interface explains that the site wants location and
> >> offers the user an option: yes/no.  This notification does not
> >> provide sufficient additional information for the user to make an
> >> informed decision.
> >>
> >> I have no concrete suggestion, so consider this as requirements
> >> input.  Maybe this can be entered as an issue.
> >>
> >> When asked, the user needs to rely on information from the site to
> >> make this decision, information that might only be available from a
> >> linked privacy policy, or from the context of the page, or
> >> something else.
> >>
> >> If the site were able to provide a small snippet of information
> >> that could be provided by the browser alongside its prompt:
> >>
> >> The site http://example.com/ wants to use this information for the
> >> following purpose:
> >>  "We need your location so that we can find services near you."
> >> or    "Your wife thinks that you are cheating her, we're tracking
> >> you at her request."
> >> or    "We are tracking your whereabouts because we think you are a
> >> drug dealer."
> >> Allow this request: [ yes ] [ no ].  [x] Remember this choice.
> >>
> >> Maybe this could also allow a link to the site privacy policy as it
> >> applies to location.
> >>
> >> A second notification would be required if the description of the
> >> usage changes at all.  This would allow sites to partition their
> >> usage and would allow UAs to restrict usage to those that are
> >> important to it.
> >>
> >> In anticipation of the expected response to this - I don't expect
> >> that multiple notifications will be common - such a thing would
> >> badly damage user experience.
> >>
> >> Such a thing would be quite useful to establish user expectations.
> >> This could help with the privacy story.
> >>
> >> Cheers,
> >> Martin
> >>
> >> --------------------------------------------------------------------
> ----------------------------
> >> This message is for the designated recipient only and may
> >> contain privileged, proprietary, or otherwise private information.
> >> If you have received it in error, please notify the sender
> >> immediately and delete the original.  Any unauthorized use of
> >> this email is prohibited.
> >> --------------------------------------------------------------------
> ----------------------------
> >> [mf2]
> >
> >
> 

------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]
Received on Thursday, 26 March 2009 21:01:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:33:52 UTC