W3C home > Mailing lists > Public > public-geolocation@w3.org > July 2020

Re: [geolocation-api] Explicitly limit permission lifetimes (#47)

From: Chris Wilson via GitHub <sysbot+gh@w3.org>
Date: Wed, 01 Jul 2020 18:18:29 +0000
To: public-geolocation@w3.org
Message-ID: <issue_comment.created-652574277-1593627508-sysbot+gh@w3.org>
I would alter Yoav's "the spec needs to make sure implementers address this issue."  I think the spec needs to define the concerns, make it clear where there are concerns, and where possible make suggestions for mitigations.  Where those mitigations might require changes to the API shape, it's even more important to consider them up front and make allowances for those mitigations.  I don't think we can MUST most of those mitigations, though.

The challenge is that in practice, mitigating those concerns don't usually have an obvious answer.  To use one of your suggested mitigations as an example, I'd be pissed if my Google Maps tab that I've had open for several days now stopped being able to tell where I was.  There is a balance between potential privacy concern (the Google maps tab knows where I am, and if my wife walked up and used my computer it could track her too), and usability of the user experience. 

Is this an easy answer of "don't worry about it"?  No - I think we should be identifying concerns like this, brainstorm potential mitigations and suggest them in the spec, add API allowance where needed to support them, and let the users speak with their feet.

-- 
GitHub Notification of comment by cwilso
Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/47#issuecomment-652574277 using your GitHub account
Received on Wednesday, 1 July 2020 18:18:31 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 1 July 2020 18:18:32 UTC