Re: [geolocation-api] Explicitly limit permission lifetimes (#47)

I appreciate the comments above, and recognize that MUST in a standard is not legally binding or self-enforcing.  That's equally true for privacy protections as for any other aspect of a standard.

I also don't see what the UX/non-UX distinction being drawn here is.  There is not a clear line separating (say) "there MUST be a way for permissions to be lifetime limited" as a UX feature that should not have mandatory language in the spec, while "the implementation MUST never invoke the successCallback without having first obtained permission from the user to share location" ([5.2](https://w3c.github.io/geolocation-api/#geolocation_interface)) as not being UX related, and so fine to receive mandatory treatment.

We write MUST in standards all the time because we think whatever feature MUST is describing is important enough that the standard should not be implemented w/o it.  This issue is arguing that the web platform should not define powerful capabilities (i.e. giving realtime updates of location data) without also defining capabilities to prevent easily-foreseeable misuse or harm.

We might disagree about how harmful accidental ongoing location disclosure is, or if it's solvable at all, or if there is something about this particular issue that makes individual browsers better fit to solve the problem; cool, let's discuss, etc.  But I disagree with the idea that this issue is categorically out of bounds for mandatory standards language.  And doubly so since there are folks in these threads with less standards-body experience than even myself (low bar that it is), who will be deterred from discussion by such comments.

-- 
GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/47#issuecomment-657922020 using your GitHub account

Received on Tuesday, 14 July 2020 02:02:46 UTC