- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Thu, 30 Jun 2011 16:19:19 +0200
- To: Wojciech Masłowski <wmaslowski@opera.com>
- Cc: Andrei Popescu <andreip@google.com>, Anne van Kesteren <annevk@opera.com>, Steve Block <steveblock@google.com>, Doug Turner <doug.turner@gmail.com>, Lars Erik Bolstad <lbolstad@opera.com>, "public-geolocation@w3.org" <public-geolocation@w3.org>
Le jeudi 30 juin 2011 à 16:12 +0200, Wojciech Masłowski a écrit : > Probably watchPosition is better in that case but what I tried to say is > that it would be really is hard for > UA to differentiate between legit application and application which > tracks you. Just asking if user > allows the script to set up proximity alarms + a heuristic to warn user > about possible tracking and ask > him if he wants to retract his permissions is an interesting idea, but > it will only work if the heuristic is > quite accurate. What I had in mind was not to retract permissions after the fact, but rather that when the application asks for proximity alerts, it needs to send as a parameter all the locations that would trigger the alert. Based on that parameter, the UA would analyze (according to heuristics of its own) whether the request should be: * granted after asking the user with a non-scary message * flatly denied (in which case the app could then ask for watchPosition) * granted after asking the user with a really scary message (or granted only if the user has a privileged relationship with the site, or ...) Dom
Received on Thursday, 30 June 2011 14:19:42 UTC