- From: Philippe De Ryck <philippe.deryck@cs.kuleuven.be>
- Date: Wed, 03 Aug 2011 11:19:50 +0200
- To: public-geolocation@w3.org
- Cc: Giles Hogben <Giles.Hogben@enisa.europa.eu>, Lieven Desmet <Lieven.Desmet@cs.kuleuven.be>
> > Issue > > ------- > > > > By forcing the retrieval of a cached value, using a timeout of 0, a > > script can obtain the last cached position. By repeating this with > > increasingly smaller values of maximumAge until an error occurs, it can > > determine an approximate timestamp of this position. > > > > Why would anyone want to determine the approximate timestamp of cached > position? One can just look at the position's "timestamp" attribute to > determine the exact value: > > http://dev.w3.org/geo/api/spec-source.html#timestamp > > I'm afraid I don't fully understand what the issue is exactly. It seems unlogical that an origin with location permissions can retrieve an old cached value (which is past its usefulness), as in the example below. The fact that you also get an extremely accurate timestamp (instead of having to determine it) further increases the relevance of this privacy issue. I do agree that a cached value can be very useful to limit the number of invocations of the location mechanism, although a cached position loses its value after quite some time, and might become more privacy-sensitive than a live location. This can be limited by putting a maximum lifetime on cached locations. Example: If I give a site permission to know where I am when I visit it, this does not necessarily mean that that site should be able to know where I was when I previously (i.e. longer ago than the useful lifetime of a cached value) used a location based service (i.e. the last cached location). -- Philippe De Ryck K.U.Leuven, Dept. of Computer Science Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Received on Wednesday, 3 August 2011 09:40:40 UTC