[Webkit-unassigned] [Bug 143390] New: Geolocation Access Controls Not Sufficiently Granular
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 3 15:44:03 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=143390
Bug ID: 143390
Summary: Geolocation Access Controls Not Sufficiently Granular
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: All
OS: All
Status: NEW
Severity: Enhancement
Priority: P2
Component: Event Handling
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mileselam+webkit at gmail.com
JavaScript access to geolocation on the web triggers a scary prompt in all cases. Users will either blindly accept all requests for location, leaving them open to abuse, or they will deny all requests by default, eliminating any utility from geolocation. This has a stifling effect on greater use of geolocation on the web.
Let the user decide granularity. Let the site know the general area without prompt. Geolocation on the web isâ¦not optimal. So many sites trying to access location, scary prompt saying that site X wants to know your location with no context as to how it will be used, and too hard to revisit the decision.
Why is it either GPS within 15 feet or nothing at all? Many people don't care if you know that they're in San Mateo (for example), but unless you're explicitly a map-related or Foursquare-type web app, exact values aren't necessary but general location is still useful.
âââââ
"Site wants access to your location."
⢠Allow
⢠Allow, but not my exact location
⢠Deny
âââââ
Geolocation on the web is underutilized because people are worried about privacy, and rightly so! Speaking for myself, I'd be happy to give a value modulo 10km as a location default in exchange for not having a web prompt. Good enough to know the city for context but inexact enough to satisfy my comfort levels for general web use.
Also useful to amend the geolocation web API to specify needed granularity: exact, within 10km, within 100k, state/province/country, etc. If all your app needs is to know which requests are coming in by state or country, the privacy implications are obviously reduced from exact location.
If any site wants to know what state I'm in, give it to them without a prompt. Exact (within 15 feet)? Prompt me.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150403/d68a03d6/attachment.html>
More information about the webkit-unassigned
mailing list