- From: Dan Brickley <danbri2011@danbri.org>
- Date: Sun, 27 Nov 2011 16:14:11 +0100
- To: Thomas Roessler <tlr@w3.org>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Thomas Roessler <tlr@w3.org>, Nicholas Doty <npdoty@w3.org>, Karl Dubost <karld@opera.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>

On 27 Nov 2011, at 14:11, Thomas Roessler <tlr@w3.org> wrote:

> On 2011-11-27, at 12:51 +0100, Bjoern Hoehrmann wrote:
>
>> The malicious opt-in problem exists whether or not you filter networks
>> on the client, and that would be taken care of in the same way that you
>> prevent poisoning the database with other false information, like not
>> having information that comes too infrequently or from too few sources.
>> Note that the "reliable channel" does not seem to be required to opt in,
>> they could require that to protect against this, if that actually helps.
>
> So, I'm honestly having a hard time seeing the "malice" here. What exactly is it that you're protecting by keeping people from measuring what access points are around them, and by keeping service providers from using those data? How are these personal data?
>
> I can see several nearby things a provider like Google could do that would rightly make people freak out: Collecting arbitrary MAC addresses (and thereby being able to do movement profiles of mobile devices that they aren't able to track otherwise), or (even accidentally) collecting payload data from wireless networks. We've been there.
>
> But assuming we're only talking about access points that publicly broadcast their SSID: Why are you actually worried about that?

I was assuming folk here would've seen http://samy.pl/mapxss/ ...which claims ssid can sometimes be accessed from hostile Web pages via XSS, and then looked up to provide precise geo.

> Speaking strictly personally,

Ditto,

Dan

> --
> Thomas Roessler, W3C <tlr@w3.org> (@roessler)

Received on Sunday, 27 November 2011 15:15:00 UTC