Re: Additional security and privacy considerations? from Doug Turner on 2009-05-18 (public-geolocation@w3.org from May 2009)

From: Doug Turner <doug.turner@gmail.com>
Date: Mon, 18 May 2009 16:21:40 -0700
To: Erik Wilde <dret@berkeley.edu>
Cc: public-geolocation@w3.org, Rigo Wenning <rigo@w3.org>
Message-Id: <F4D97C7F-6D8D-4EC2-9247-1C2AE223DB72@gmail.com>

erik,

I am not sure I follow the argument.  so, say urchin.js starts  
requesting geolocation.  That would mean that _EVERY_ site that you  
visit which uses this script (cnn.com, google,com, espn.com, etc)  
would prompt the user for geolocation.  We are basing asking for  
permission on the document's origin -- not some script that it loads.

I did suggest before that we may want to consider restricting  
geolocation to parent documents (eg. not allow geolocation access from  
iframes) as a way to mitigate xss and other attacks.  Is that what you  
are thinking about here?

Thanks,
Doug

On May 18, 2009, at 4:08 PM, Erik Wilde wrote:

> hello.
>
> Rigo Wenning wrote:
>> All this can be derived from the requirement to have the user's  
>> consent when acquiring location data as required by two EU  
>> Directives and subsequent transposed national law. As there is  
>> always new data sent over, the legal requirements are not met with  
>> a one time permission for data disclosure for an unforeseeable  
>> future.
>
> at the risk of repeating myself, i want to point out to something i  
> sent  to the list a while ago. 3rd party trackers are increasingly  
> moving from cookies to javascript. one reason is that 3rd party  
> cookies now can (and sometimes are) blocked by browsers, and  
> browsers have configuration options for that. the other reason is  
> that the information available through scripting is much richer than  
> cookie information. imagine for a second that urchin.js, probably  
> the most widely executed javascript on the web (the code feeding  
> google analytics) starts requesting location information. given the  
> fact how pervasive 3rd party tracking is these days [1], this would  
> mean that iphone users (or any other GPS- or skyhook-enabled phones)  
> would leave an almost perfect location trail from their phones.
>
> i think that this is in very different domain than donating my IP  
> address or screen size or browser type to 3rd party trackers. and  
> while i might want to use location features on web sites as soon as  
> they start implementing them, i might not be willing to disclose my  
> location to 3rd parties affiliated with those sites (and many of the  
> popular web sites have an amazing number of affiliated 3rd parties).  
> it seems to me that in case of location, this really is something  
> that needs to be handled carefully, and i am wondering whether the  
> browser of the future will have more "3rd party information  
> disclosure" controls that just "3rd party cookies".
>
> kind regards,
>
> erik wilde   tel:+1-510-6432253 - fax:+1-510-6425814
>       dret@berkeley.edu  -  http://dret.net/netdret
>       UC Berkeley - School of Information (ISchool)
>
> [1] http://www2009.org/proceedings/pdf/p541.pdf
>

Received on Monday, 18 May 2009 23:22:31 UTC