From: Rui Maciel on
It appears that the current HTML5 draft includes an API for geolocation[1], which appears to be
proposed by Google, that enables site operators to monitor the location of those accessing their
site by accessing information from sources such as GPS and network signals. Doesn't this constitute
a security problem with major privacy implications?


Rui Maciel

[1] http://www.w3.org/TR/geolocation-API/
From: Lie Ryan on
On 06/04/10 21:11, Rui Maciel wrote:
> It appears that the current HTML5 draft includes an API for geolocation[1], which appears to be
> proposed by Google, that enables site operators to monitor the location of those accessing their
> site by accessing information from sources such as GPS and network signals. Doesn't this constitute
> a security problem with major privacy implications?

Firefox would ask the user before sending geolocation data, I guess
other browsers would also do the same.

Server-side geolocation has always been possible through checking a
client's IP address; but this technique is fragile, tedious, unreliable,
inaccurate, and gives incorrect results if you use a proxy. For years,
Google has redirected people to www.google.co.* or www.google.com.*, and
then served the Google page in your local language using this technique.

Client-side geolocation will allow browsers to assist the server in
using more reliable data sources (e.g. GPS).

I guess privacy implications do exist for click-happy users that will
just say yes to any warning/confirmation box without trying to
understand what's happening.
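The flow Lie Ryan describes (the page calls the API, the browser decides whether to prompt, and the site only ever sees the outcome) can be shown in code. The following JavaScript is an example added here, not code from this thread or from any browser vendor: the functions `requestCoarseLocation`, `coarsen`, `fakeGeolocation` and `demo` are names chosen for the example, and the `fakeGeolocation` objects are constructed stand-ins for the real `navigator.geolocation`, so the block runs outside a browser. The error codes and `PositionOptions` fields are the ones defined by the W3C Geolocation API.

```javascript
// Added example: a consent-aware wrapper around the W3C Geolocation API.
// In a browser the real object is navigator.geolocation; it is injected
// here so the code runs outside a browser against constructed fakes.
// Error codes are the PositionError values defined by the spec.
const PERMISSION_DENIED = 1;
const POSITION_UNAVAILABLE = 2;
const TIMEOUT = 3;

// Round a fix to `decimals` places (2 places is roughly 1 km) so a site
// that only needs a region never keeps the precise coordinates.
function coarsen(latitude, longitude, decimals = 2) {
  const factor = 10 ** decimals;
  return {
    latitude: Math.round(latitude * factor) / factor,
    longitude: Math.round(longitude * factor) / factor,
  };
}

// Request one fix and report the outcome through `done({status, coords})`.
// The browser shows its permission prompt (or applies a remembered
// decision) inside getCurrentPosition; this wrapper only ever sees a
// success or an error callback, so every error code is handled as an
// ordinary outcome rather than an exception.
function requestCoarseLocation(geolocation, done, { timeoutMs = 5000 } = {}) {
  if (!geolocation || typeof geolocation.getCurrentPosition !== 'function') {
    done({ status: 'unsupported', coords: null });
    return;
  }
  geolocation.getCurrentPosition(
    (position) => {
      const { latitude, longitude } = position.coords;
      done({ status: 'ok', coords: coarsen(latitude, longitude) });
    },
    (error) => {
      const status =
        error.code === PERMISSION_DENIED ? 'denied' :
        error.code === POSITION_UNAVAILABLE ? 'unavailable' :
        error.code === TIMEOUT ? 'timeout' : 'error';
      done({ status, coords: null });
    },
    // PositionOptions from the spec: low accuracy is enough for a regional
    // redirect, and a fix up to ten minutes old avoids re-polling the GPS.
    { enableHighAccuracy: false, timeout: timeoutMs, maximumAge: 600000 },
  );
}

// Constructed stand-ins for navigator.geolocation: a user who accepted the
// prompt and one who declined it. Real browsers invoke these callbacks
// asynchronously; the fakes call them synchronously to keep the demo simple.
function fakeGeolocation(decision) {
  return {
    getCurrentPosition(onSuccess, onError) {
      if (decision === 'allow') {
        // Constructed sample fix (approximately central Lisbon).
        onSuccess({ coords: { latitude: 38.71667, longitude: -9.13333, accuracy: 20 } });
      } else {
        onError({ code: PERMISSION_DENIED, message: 'User denied Geolocation' });
      }
    },
  };
}

// Run the three scenarios a page has to cope with and collect the outcomes.
function demo() {
  const results = {};
  requestCoarseLocation(fakeGeolocation('allow'), (r) => { results.allow = r; });
  requestCoarseLocation(fakeGeolocation('deny'), (r) => { results.deny = r; });
  requestCoarseLocation(undefined, (r) => { results.unsupported = r; });
  return results;
}

console.log(JSON.stringify(demo()));
```

The point for a site operator is that denial is not an error path to retry or work around: the code above treats "denied", "unavailable" and "unsupported" the same way it treats a timeout and falls back to whatever the page does without a location. Browsers that implement the Permissions API also let a page read the remembered decision with `navigator.permissions.query({ name: 'geolocation' })` before calling `getCurrentPosition`, which avoids re-prompting a user who has already said no.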
From: Rui Maciel on
Lie Ryan wrote:

> Firefox would ask the user before sending geolocation data, I guess
> other browsers would also do the same.

Yes, that is mentioned in the specification. Yet, it is also mentioned that

"User Agents must acquire permission through a user interface, unless they have prearranged trust
relationships with user"

Along with:

"Some User Agents will have prearranged trust relationships that do not require such user
interfaces."

To me that reads as some sort of escape clause, which guarantees that the user's geolocation is
always accessible by default, forcing the user to go through great pains to try to disable this
feature, either temporarily or not.


<snip/>
> I guess privacy implications do exist for click-happy users that will
> just say yes to any warning/confirmation box without trying to
> understand what's happening.

Why do you believe it will only affect "click-happy users"? The specification states that not all
cases require the user to explicitly authorize access to their geolocation info. And even so, why
should "click-happy users" be subjected to this stuff by default?


Rui Maciel
From: Lie Ryan on
On 06/05/10 22:12, Rui Maciel wrote:
> Lie Ryan wrote:
>
>> Firefox would ask the user before sending geolocation data, I guess
>> other browsers would also do the same.
>
> Yes, that is mentioned in the specification. Yet, it is also mentioned that
>
> "User Agents must acquire permission through a user interface, unless they have prearranged trust
> relationships with user"

I read that as: a User Agent can have a "remember approval" feature (kind
of like "remember password").

> Along with:
>
> "Some User Agents will have prearranged trust relationships that do not require such user
> interfaces."
>
> To me that reads as some sort of escape clause, which guarantees that the user's geolocation is
> always accessible by default, forcing the user to go through great pains to try to disable this
> feature, either temporarily or not.

hmmm... well, maybe yes, if we interpret the spec literally, there are
some privacy issues there; but that's all still under the user's control
since it is the user's responsibility to ensure that the User Agent/browser
they're using has a reasonable privacy policy.

Even without geolocation, a browser/User Agent has a lot of power to
violate the user's privacy. In the worst case, the user can switch their
User Agent.

In any case, the power of deciding the authorization of geolocation data
is still on the user's side, not the server's side.

> <snip/>
>> I guess privacy implications do exist for click-happy users that will
>> just say yes to any warning/confirmation box without trying to
>> understand what's happening.
>
> Why do you believe it will only affect "click-happy users"? The specification states that not all
> cases require the user to explicitly authorize access to their geolocation info. And even so, why
> should "click-happy users" be subjected to this stuff by default?

In any case, why does that clause make any difference from the current
state? In the end, the privacy policy that matters is the privacy policy
agreed between the User and the User Agent; the geolocation spec only
states the possibilities, but does not have any power.