- From: Aaron Boodman <aa@google.com>
- Date: Fri, 21 Mar 2008 09:51:28 -0700
On 3/21/08, Shyam Habarakada <shyamh at microsoft.com> wrote: > If the container page/site is able to access location via any of these mechanisms, there is little to nothing that the user-agent can do to prent that site from forwarding the information to an ad provider. In other words, the privacy concerns around location cannot be solved with just technical solutions and would require the implementation and adherence to policies that protect the end-user. There's a difference between a page forwarding private info to third parties and the third parties just getting the private info for free. In our proposal, we mention getting user permission before sharing the location details with the application, or even giving them an option to provide only approximate location. That is another reason why it is useful to have an explicit method to start the API. Perhaps you could do something similar with the HTTP mechanism, but I don't know how, exactly. Another issue with the HTTP headers approach is that it doesn't seem like a natural fit for offline-enabled web apps that want to use the location info offline. - a
Received on Friday, 21 March 2008 09:51:28 UTC