- From: Richard Maher <maherrj@googlemail.com>
- Date: Tue, 30 May 2017 13:13:58 +0800
- To: WHAT Working Group <whatwg@whatwg.org>
When it comes to an Ultimate Web App tracking a user's location in the background (while UWA is backgrounded or phone is asleep) how can the user (and Web Standards) ensure that the user is not tracked covertly, maliciously, or unintentionally? Can any please help, offer opinions, with the "best" way to: - 1) Ensure that a user has authorized the UWA access to Geolocation 2) Inform the user that location tracking will be performed even when the move away from the App. 3) Allow tracking to be discoverable via status bar or other For more details on the planned implementation please see: - https://github.com/w3c/ServiceWorker/issues/745#issuecomment-304168724 Some initial ideas: - 1. User permission must be explicitly granted before GPS is accessible. 2. While GPS is being watched, even in background, the circles/ripples icon cue is visible to user on the device. 3. The underlying Service Worker architecture mandates the use of secure/authenticated httpS communication. 4. httpS is now also mandated for GPS access I personally think the above is enough, but for the sake of argument, does anyone have thoughts on how access may be further governed? 1. Only permit background/service-worker GPS access if the Web App is installed/home-screened? 2. If a single GPS permission will cover both background and foreground access, then put a link on the toast to the Faustian details? 3. Use a new icon, perhaps an eye or a doughnutted version of the current GPS ripples? Pulse the icon? 4. When phone/device wakes an/or UWA is foregrounded a notification should inform user that tracking continued while App was not visible. Anything else?
Received on Tuesday, 30 May 2017 05:14:31 UTC