Re: [ServiceWorker] Expose GeoLocation to workers (#745)

@martinthomson <https://github.com/martinthomson>

I hate to make this a point of jurisdiction, but I think that this is a
discussion that needs to be had in the geolocation working group.

I've been careful to avoid any demarcation issues by always involving the
Service Worker AND GeoLocation communities. My lobbying has centered on: -

Forums:
https://github.com/slightlyoff/ServiceWorker/issues/745
<https://github.com/slightlyoff/ServiceWorker/issues/url>
https://github.com/w3c/geofencing-api/issues/25
<https://github.com/slightlyoff/ServiceWorker/issues/url>

Mailing Lists:
public-webapps@w3.org
public-geolocation@w3.org

If there are better forums then please let me know.

Having said that, I am becoming more and more convinced that this is a
Service Worker issue. The following is what I believe is required to make
this work: -

ServiceWorkerRegistration.travelManager (getSubscription(),
permissionState(), subscribe())
The subscribe() method with take options such as (minMsecs/metersl between
position updates, accuracy, etc)

A new ServiceWorker "Travel" event will be created. The UserAgent must be
able to re-instantiate a previously terminated ServiceWorker on the
strength of this event.

One GeoLocation watcher per UserAgent sounds battery-friendly to me!

I'm very nervous when someone saves their hands when it comes to the
privacy story. The web has thus far had a great accountability story and
adding the ability to track someone when they aren't visiting your site is
one capability that could easily undermine all the good work we've done.
I'd want to see a clear plan for how a user is able to remain in control to
be even remotely comfortable that watchPosition could be exposed.

God gave us valium and SSRIs for just such occasions. Either way please
don't FUD a technical forum with tales of "There be dragons".

Users are running a WebApp and NOT "visiting your site". Permissions are
there for just such a requirement. BTW I tested Firefox last night and it
is the only browser that DOES continue to track you when the browser is in
the background.

But can I ask where have you articulated your fears about WAKE-LOCK and
CPU-LOCK back-dooring user-tracking functionality? What about the new
GeoFence API? If I throw a 5m GeoFence around my current location and get a
"leave" event then surely I can just drop that geofence and recreate
another around my new current location. What is that if not user-tracking?

Most importantly, can I stress that this is a user REQUIREMENT and not an
IMPOSITION! Ask all the permission questions you want but this simply has
to happen.

Received on Wednesday, 10 February 2016 23:06:09 UTC