- From: Doug Turner <dougt@dougt.org>
- Date: Wed, 24 Mar 2010 09:17:55 -0700
- To: Dominique Hazael-Massieux <dom@w3.org>
- Cc: public-geolocation <public-geolocation@w3.org>
In the API, we do not have a way to negotiate accuracy. I do not think that we should add yet another meaning to this already poorly named attribute. Doug On Mar 24, 2010, at 1:10 AM, Dominique Hazael-Massieux wrote: > Hi, > > The current Geolocation API editors draft [1] offers an optional > enableHighAccuracy attribute on PositionOptions to make it possible for > developers to inform whether they need a high level of accuracy or not, > in the perspective of the power consumption and time that acquiring very > accurate data may require. > > But this attribute also offers a potentially useful privacy-enabler hook: > indeed, a web site that doesn't need detailed location information can > reduce the privacy risks associated with location information by > ensuring that attribute is set to false. > > But that aspect is not evoked at all in the specification — I think it > should be (and have a specific text proposal below). > > Right now, the spec doesn't recommend NOT sending high-accuracy data > when it is not required, when I think it would clearly make sense for > all interested parties to do so. > > Consider the case of a user who has a GPS that already has a fix, they > go to a website that has enableHighAccuracy set to false. The > application doesn't need accuracy, but nothing in the specification will > prevent high accuracy location information from being sent. Why > needlessly expose information that the website doesn't need? > > More specifically, I think it would make sense to require user agents to > always provide less accurate information when enableHighAccuracy is > false (which is the default when not specified). The algorithm and user > interface shouldn't be specified, and instead be left to the > implementers. The enableHighAccuracy flag could also be used for user > agents as a hook to enable additional privacy-features (that I'll be > happy to discuss if anybody is interested in the few ideas I've had). > > To that end, here is a proposed addition to the spec that would complete > the existing "enableHighAccuracy" description: > When enableHighAccuracy is false, user agents SHOULD ensure that > the location data sent back to the application is of limited > accuracy, regardless of whether higher accuracy data is > available, thus helping to reduce unneeded exposure of > privacy-sensitive data. > > I'm also happy to provide test cases to help determine the current > browsers behavior if that's helpful. > > Dom > > 1. http://dev.w3.org/geo/api/spec-source.html#position_options_interface > > > Doug Turner dougt@dougt.org
Received on Wednesday, 24 March 2010 16:18:32 UTC