- From: Alissa Cooper <acooper@cdt.org>
- Date: Wed, 20 May 2009 10:09:51 -0400
- To: Doug Turner <doug.turner@gmail.com>
- Cc: Erik Wilde <dret@berkeley.edu>, public-geolocation@w3.org, Rigo Wenning <rigo@w3.org>
Is there precedent in other specs for restricting access to the parent document? Although it may not become a mainstream practice, I have a pretty good feeling that once this API gets out there some service provider or ad network will start using iframes to track a user's location across different sites based on a single consent. If there isn't a strong argument for allowing access from iframes, I think it makes sense to restrict geolocation to parents. Alissa On May 18, 2009, at 7:21 PM, Doug Turner wrote: > erik, > > I am not sure I follow the argument. so, say urchin.js starts > requesting geolocation. That would mean that _EVERY_ site that you > visit which uses this script (cnn.com, google,com, espn.com, etc) > would prompt the user for geolocation. We are basing asking for > permission on the document's origin -- not some script that it loads. > > I did suggest before that we may want to consider restricting > geolocation to parent documents (eg. not allow geolocation access > from iframes) as a way to mitigate xss and other attacks. Is that > what you are thinking about here? > > Thanks, > Doug > > On May 18, 2009, at 4:08 PM, Erik Wilde wrote: > >> hello. >> >> Rigo Wenning wrote: >>> All this can be derived from the requirement to have the user's >>> consent when acquiring location data as required by two EU >>> Directives and subsequent transposed national law. As there is >>> always new data sent over, the legal requirements are not met with >>> a one time permission for data disclosure for an unforeseeable >>> future. >> >> at the risk of repeating myself, i want to point out to something i >> sent to the list a while ago. 3rd party trackers are increasingly >> moving from cookies to javascript. one reason is that 3rd party >> cookies now can (and sometimes are) blocked by browsers, and >> browsers have configuration options for that. the other reason is >> that the information available through scripting is much richer >> than cookie information. imagine for a second that urchin.js, >> probably the most widely executed javascript on the web (the code >> feeding google analytics) starts requesting location information. >> given the fact how pervasive 3rd party tracking is these days [1], >> this would mean that iphone users (or any other GPS- or skyhook- >> enabled phones) would leave an almost perfect location trail from >> their phones. >> >> i think that this is in very different domain than donating my IP >> address or screen size or browser type to 3rd party trackers. and >> while i might want to use location features on web sites as soon as >> they start implementing them, i might not be willing to disclose my >> location to 3rd parties affiliated with those sites (and many of >> the popular web sites have an amazing number of affiliated 3rd >> parties). it seems to me that in case of location, this really is >> something that needs to be handled carefully, and i am wondering >> whether the browser of the future will have more "3rd party >> information disclosure" controls that just "3rd party cookies". >> >> kind regards, >> >> erik wilde tel:+1-510-6432253 - fax:+1-510-6425814 >> dret@berkeley.edu - http://dret.net/netdret >> UC Berkeley - School of Information (ISchool) >> >> [1] http://www2009.org/proceedings/pdf/p541.pdf >> > > >
Received on Wednesday, 20 May 2009 14:10:38 UTC