Re: enableHighAccuracy as a privacy feature from Matt Womer on 2010-03-24 (public-geolocation@w3.org from March 2010)

From: Matt Womer <mdw@w3.org>
Date: Wed, 24 Mar 2010 13:56:38 -0400
To: Doug Turner <dougt@dougt.org>
Cc: Dominique Hazael-Massieux <dom@w3.org>, "Thomson, Martin" <Martin.Thomson@andrew.com>, public-geolocation <public-geolocation@w3.org>
Message-Id: <774B092E-F38A-43A9-B5AB-A9C02340E60E@w3.org>

Hi all,

On Mar 24, 2010, at 12:56 PM, Doug Turner wrote:
> <snip>
>
> I think that there might be many assumptions, but the one that  
> stands out to me is that:
>
> the bad guys will always ask for high accuracy bit,
> the people in the "know" will do the "right thing",
> and everyone else will be confused.

This assumes the only "bad guy" is the one developing the web site.   
The bad guy could be a third-party snooping on the wire.  As it  
stands, the spec allows for the scenario where a web site that doesn't  
require high accuracy to get high accuracy regardless.  Why send more  
information than the developer indicated they required?

-Matt

Received on Wednesday, 24 March 2010 17:56:40 UTC