W3C home > Mailing lists > Public > public-geolocation@w3.org > May 2014

Re: [User Context] GeoLoc missing API for user justification in prompts

From: James Craig <jcraig@apple.com>
Date: Fri, 30 May 2014 11:16:29 -0700
Cc: timeless <timeless@gmail.com>, Indie UI <public-indie-ui@w3.org>, "mandyam@quicinc.com" <mandyam@quicinc.com>
Message-id: <3CEADA2B-3EB4-4820-889C-3DD50BCCD2C7@apple.com>
To: Anne van Kesteren <annevk@annevk.nl>, "public-geolocation@w3.org" <public-geolocation@w3.org>
On May 30, 2014, at 10:43 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Fri, May 30, 2014 at 7:39 PM, James Craig <jcraig@apple.com> wrote:
>> On May 29, 2014, at 11:37 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
>>> They're also a huge spoofing risk as the message looks like it comes
>>> from the UA rather than the page. We should not do this.
>> 
>> You are confusing two separate problems:
>> 
>> 1. There is no standard way to explain why the site wants location info. (Spec problem.)
> 
> This is not a problem.

Simply stating it's "not a problem" does not make it so.

Others besides me have asked for this. My original email listed real problems I've run into as a user. Giri even mentioned that Nick's research at Berkeley illustrated the same problem.

>> 2. UI details of how that explanation should be shown. (Implementation detail.)
> 
> Again, letting pages control text of *trusted* UI, even hidden under
> "Show details", is not an option.

Simply stating it's "not an option" does not make it so, either.

Your implication that this cannot be done or cannot be done well is very prescriptive and somewhat narrow-minded. There are plenty of talented UI designers in the world that can make it clear whether a string of text comes from a *trusted* source or not, even if it's exposed somewhere inside or near other *trusted* UI. 
Received on Friday, 30 May 2014 18:16:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:51:08 UTC