- From: Richard Maher <maherrj@googlemail.com>
- Date: Wed, 17 Feb 2016 09:42:11 +0800
- To: public-geolocation@w3.org, public-webapps@w3.org, mandyam@qti.qualcomm.com
- Message-ID: <CABvL1xpJu-Pf9Fv_RUWMb+uMssVReeztkDJe6OS1Dsi8fs_-jQ@mail.gmail.com>
Hi, I have no experience with how a W3C standard gets off the ground, or an existing standard gets modified, but it would appear that a Working Group Technical Report is required. Either way, none of the browser manufacturers seem keen on implementing this functionality without W3C involvement so I implore you to look at my proposal to enhance to the GEOSPATIAL and JAVASCRIPT APIs standards for background device-tracking. NB. These are Apples and the proposed GeoFencing API are Oranges. I am happy to explain that claim at anytime. If someone will volunteer to pick this idea up and run with it the HTML5 Web App world will be a much better place! Solution: - I propose a new W3C standard implementing a "TravelManager" and exposing the interface to ServiceWorkers. This interface would be very similar to the existing PushManager interface. E.g. ServiceWorkerRegistration.travelManager (getSubscription(), permissionState(), subscribe()) The subscribe() method with take options such as (minMsecs/metersl between position updates, accuracy, etc) A new ServiceWorker "Travel" event will be created. The UserAgent must be able to re-instantiate a previously terminated ServiceWorker on the strength of this event. Power consumption mitigation: - 1) The Web App is allowed to sleep as it does now ABSOLUTELY NO requestWakeLock("gps") required. 2) Although Android mandates that it "can" terminate a browser at any time, a well resourced device need not terminate Service Workers as soon as the event Loop is empty. This allows a single SW to service many GPS readings an forward them to a server in a single instance/lifetime. 2) If no browser/user-agent instance is active then it should NOT be run-up in order to accept the GPS. Thus the user is always capable of guaranteeing an end to tracking by killing the browser. User-empowerment, transparency, and governance: - 1) User permission must be explicitly granted before GPS is accessible. 2) While GPS is being watched, even in background, the circles/ripples icon cue is visible to user on the device. 3) The underlying Service Worker architecture mandates the use of secure/authenticated httpS communication. 4) The user can be 100% sure tracking is off by simply closing the browser on their device. 5) The manifest-resident gcm_sender_id (Google Project Id) can be revoked/voided if a site is behaving badly Other Options: - 1) Only permit background/service-worker GPS access if the Web App is installed/home-screened? 2) If a single GPS permission will cover both background and foreground access, then put a link on the permission-toast pointing to the Faustian details? 3) Use a new icon, perhaps an eye or a doughnutted version of the current GPS ripples? Pulse the icon? Similar conundrums so that Service Worker GPS is not singled out unfairly: - 1) Firefox currently continues to process watchPosition events in background 2) All browsers except IE and Chrome continue to watchPosition when phone is locked but browser tab in foreground. 3) The proposed WAKE-LOCK and CPU-LOCK will backdoor user-tracking 4) The proposed GeoFence API, as it stands, will be another backdoor to user tracking 5) Native Apps can do this with impunity 6) Push Messages must be required to trigger a notification so as not to be silent/stealthy. 7) Geofencing is still tracking! Knowing when my next victim leaves their house each Tuesday is still an intrusive invasion of one’s privacy if it has not been sanctioned. Surely the degree of “badness” is not the issue here? 8) Speech synthesis API and microphone access PS. Mozilla is also floundering: -https://bugzilla.mozilla.org/show_bug.cgi?id=1216148https://bugzilla.mozilla.org/show_bug.cgi?id=784505 Thanks for listening. Cheers Richard Maher
Received on Wednesday, 17 February 2016 01:42:50 UTC