Re: Proposal: Prefer secure origins for powerful new web platform features

Sent from my iPhone

> On Aug 21, 2014, at 4:44 PM, Adam Langley <> wrote:
>> On Thu, Aug 21, 2014 at 4:37 PM, Mark Watson <> wrote:
>> Wouldn't it be more accurate to say to the user, at this point, "This
>> website wishes to access your location. However, we can't reliably
>> determine the identity of the website and it may send your location
>> information in a way that is not protected against eavesdropping. Do
>> you want to proceed?"
> No, because bombarding the user with complex warnings all day, taxing
> their executive capacity and then blaming them when something bad
> happens is a poor way to build products. We do enough of it already,
> we don't want to make it worse for the sake of a few dollars a year.

So, you're saying that the above text is less accurate than saying
' wants to see your location' ? I actually wasn't
advocating that geolocation be available to insecure origins, just
pointing out that if it was / where it is, there is no need to
mis-lead users that you know who is asking for it.

Anyway, I totally agree a few dollars a year is well worth it to avoid
a user dialog like this, if that was the choice.  What, though, if the
alternative was not just a few dollars but millions ? What if the
alternative is using a plugin ?

> Cheers

Received on Thursday, 21 August 2014 23:56:11 UTC