Hey, I gave a talk about geolocation on air.mozilla. Please check it out. You’ll need a Firefox 3.1 nightly or beta release to watch the video.
In the video, I mentioned the strawman position statement and here it is. I am interested in hearing what you think!
Privacy considerations for implementers of the Geolocation API:
User Agents must not send geolocation data to websites without the express permission of the user. Browsers will acquire permission through a user interface that includes the document origin URI. All permissions should be revocable, and applications should respect revoked permissions.
Some User Agents will have a prearranged trust relationship that does not require such a user interface. For example, Firefox will present a user interface when example.com performs a geolocation request. However, a VoIP telephone may not present any user interface when using geolocation to perform an E911 function.
Privacy considerations for recipients of location information:
The two primary concerns regarding recipients of geolocation data are retention and retransmission. Recipients of location information should retain it only as long as required. Users must be allowed to update and delete location information that they have posted. Recipients of location information should not retransmit it without the user’s consent. Care should be taken when retransmitting, and the use of HTTPS is encouraged. Furthermore, a clear and accessible privacy policy that details the usage of location data should be made available to all users.
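As an added illustration of the two sections above (it is not code from the original post or from Mozilla), here is a page-side wrapper around the Geolocation API’s callback interface that treats the user agent’s permission decision as final and only transmits a position over HTTPS. The `geo` object is injected (`navigator.geolocation` in a browser, a constructed stub here) so it runs outside a browser; `post` and the endpoint URL are hypothetical.

```javascript
// PositionError codes defined by the Geolocation API.
const PERMISSION_DENIED = 1;
const POSITION_UNAVAILABLE = 2;
const TIMEOUT = 3;

function describeError(err) {
  switch (err.code) {
    case PERMISSION_DENIED: return 'permission denied by the user or user agent';
    case POSITION_UNAVAILABLE: return 'position unavailable';
    case TIMEOUT: return 'request timed out';
    default: return 'unknown geolocation error';
  }
}

// Asks the user agent for a position and hands it to `post` only when the user
// opted in on the page AND the user agent granted access AND the endpoint is
// HTTPS. `done` receives a status the page can act on; on denial or error the
// page never sees coordinates, which respects a revoked or refused permission.
function shareLocation(geo, consented, endpoint, post, done) {
  if (!consented) { done({status: 'not_consented'}); return; }
  if (!/^https:\/\//i.test(endpoint)) { done({status: 'refused_insecure_endpoint'}); return; }
  geo.getCurrentPosition(
    function (pos) {
      post(endpoint, {latitude: pos.coords.latitude, longitude: pos.coords.longitude});
      done({status: 'shared'});
    },
    function (err) { done({status: 'error', code: err.code, reason: describeError(err)}); },
    {timeout: 10000, maximumAge: 0}  // never reuse a cached fix older than this request
  );
}

// Constructed stubs standing in for navigator.geolocation: one grants, one denies.
const grantingGeo = {getCurrentPosition: (ok) => ok({coords: {latitude: 37.39, longitude: -122.08}})};
const denyingGeo = {getCurrentPosition: (ok, fail) => fail({code: PERMISSION_DENIED, message: 'User denied Geolocation'})};

// Runs the four cases and returns the outcomes plus everything that was transmitted.
function demo() {
  const sent = [];
  const post = (url, body) => sent.push({url, body});
  const results = {};
  shareLocation(grantingGeo, true, 'https://example.com/loc', post, (r) => { results.granted = r; });
  shareLocation(denyingGeo, true, 'https://example.com/loc', post, (r) => { results.denied = r; });
  shareLocation(grantingGeo, false, 'https://example.com/loc', post, (r) => { results.noConsent = r; });
  shareLocation(grantingGeo, true, 'http://example.com/loc', post, (r) => { results.insecure = r; });
  return {results, sent};
}
```

Only the first case results in a transmission; the other three finish without the page ever handling coordinates.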
3 Comments
> a voip telephone may not present any user interface when using a
> geolocation to perform an E911 function.
I’m wary even of that. Flagging some sites, even for the best reasons, as allowed for silent geolocation opens a can of worms.
For 911, I’d prefer a short warning bar with a countdown: « By accessing this site, you agree to transmit your current localisation. Click here within 5 seconds to cancel access. »
If the short delay is already too much, then I’d do a short information bar instead (“Warning: This site is privileged to full access to your location information!”).
@jmdesp This recommendation is for ANY user agent, including browsers. Clearly, Firefox will never send anything like geolocation without expressed permission. However, we considered the use cases of non-browser UAs which may want to use this specification and want a recommendation on what to do regarding privacy. Such non-browser use cases sometimes place the end user as not the right person to approve use of geolocation. For example, a kiosk at a mall that uses geolocation to place its center point. Does the user of this kiosk really need to see a geolocation confirmation dialog? In this case, it is the operator of the kiosk that has that responsibility.
However, maybe you are right. Maybe we should just not include anything regarding “prearranged trust”.
Or, mention the “pre-arranged trust” edge cases explicitly — e.g., mention E911 explicitly as a potential “emergency-based trust relationship.”