[LINK] Geolocation

stephen at melbpc.org.au
Tue May 3 00:32:19 AEST 2011


Richard writes:

> My more detailed response to the Gizmodo "don't worry, be happy".
> http://www.theregister.co.uk/2011/05/02/device_data_collection/



Yes, agree with you and Roger. Another point is that HTML geo-location
gathering routines are easy to implement, with very few rewards for
conforming to the Privacy clauses within the W3C HTML5 specifications.

If even the major phone manufacturers want our data, what hope have we
when future websites etc. may/will include geolocation-send HTML5 code?

http://dev.w3.org/geo/api/spec-source.html

Abstract: 

This specification defines an API that provides scripted access to 
geographical location information associated with the hosting device. 

"Example of requesting a potentially cached position."

    // Request a position. We accept positions whose age is not
    // greater than 10 minutes. If the user agent does not have a
    // fresh enough cached position object, it will automatically
    // acquire a new one.
    
    navigator.geolocation.getCurrentPosition(successCallback,
                                             errorCallback,
                                             {maximumAge:600000});

    function successCallback(position) {
    
    // By using the 'maximumAge' option above, the position
    // object is guaranteed to be at most 10 minutes old.

    }

    function errorCallback(error) {
    // Update a div element with error.message.
    }


4. Security and privacy considerations

The API defined in this specification is used to retrieve the geographic 
location of a hosting device. In almost all cases, this information also 
discloses the location of the user of the device, thereby potentially 
compromising the user's privacy. 

A conforming implementation of this specification must provide a mechanism 
that protects the user's privacy and this mechanism should ensure that no 
location information is made available through this API without the user's 
express permission. 

4.1 Privacy considerations for implementors of the Geolocation API

User agents must not send location information to Web sites without the 
express permission of the user. User agents must acquire permission 
through a user interface, unless they have prearranged trust relationships 
with users, as described below. The user interface must include the host 
component of the document's URI [URI]. Those permissions that are acquired 
through the user interface and that are preserved beyond the current 
browsing session (i.e. beyond the time when the browsing context 
[BROWSINGCONTEXT] is navigated to another URL) must be revocable and user 
agents must respect revoked permissions. 


4.2 Privacy considerations for recipients of location information

Recipients must only request location information when necessary. 
Recipients must only use the location information for the task for which 
it was provided to them. Recipients must dispose of location information 
once that task is completed, unless expressly permitted to retain it by 
the user. Recipients must also take measures to protect this information 
against unauthorized access. If location information is stored, users 
should be allowed to update and delete this information. 

The recipient of location information must not retransmit the location 
information without the user’s express permission. Care should be taken 
when retransmitting and use of encryption is encouraged. 

Recipients must clearly and conspicuously disclose the fact that they are 
collecting location data, the purpose for the collection, how long the 
data is retained, how the data is secured, how the data is shared if it is 
shared, how users may access, update and delete the data, and any other 
choices that users have with respect to the data. This disclosure must 
include an explanation of any exceptions to the guidelines listed above.

--

Cheers,
Stephen
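
One way a recipient site could apply the section 4.2 rules quoted above: use the position only for the stated task, dispose of it unless retention is expressly permitted, and let users delete it. This is an added example, not part of the original message or the W3C specification; `createLocationStore`, its method names and the sample position are hypothetical and constructed for illustration.

```javascript
// Added example, not from the W3C spec or the original post.
// createLocationStore and its method names are hypothetical.
function createLocationStore() {
  const retained = new Map(); // userId -> frozen record

  return {
    // Use a position for one declared purpose. The task sees only latitude,
    // longitude and timestamp; the record is dropped afterwards unless the
    // user expressly permitted retention.
    useFor(userId, position, purpose, task, retainPermitted = false) {
      const record = Object.freeze({
        latitude: position.coords.latitude,
        longitude: position.coords.longitude,
        timestamp: position.timestamp,
        purpose,
      });
      const result = task(record);
      if (retainPermitted === true) retained.set(userId, record);
      return result;
    },

    // Retained data is readable only for the purpose it was provided for.
    read(userId, purpose) {
      const record = retained.get(userId);
      if (!record) return null;
      if (record.purpose !== purpose) {
        throw new Error("location was provided for: " + record.purpose);
      }
      return record;
    },

    // Users can delete what is stored about them.
    remove(userId) {
      return retained.delete(userId);
    },
  };
}

// Constructed sample shaped like the Position object passed to successCallback.
const SAMPLE_POSITION = {
  coords: { latitude: -37.8136, longitude: 144.9631, accuracy: 25,
            heading: 90, speed: 1.4 },
  timestamp: 1304346739000,
};

const store = createLocationStore();
const hemisphere = store.useFor("user-1", SAMPLE_POSITION, "nearest-branch",
  (rec) => (rec.latitude < 0 ? "south" : "north"));
console.log(hemisphere, store.read("user-1", "nearest-branch"));
```

In a browser, `useFor` would be called from inside `successCallback` with the `position` argument it receives.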


