[Webkit-unassigned] [Bug 143390] New: Geolocation Access Controls Not Sufficiently Granular

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 3 15:44:03 PDT 2015


            Bug ID: 143390
           Summary: Geolocation Access Controls Not Sufficiently Granular
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: All
                OS: All
            Status: NEW
          Severity: Enhancement
          Priority: P2
         Component: Event Handling
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mileselam+webkit at gmail.com

JavaScript access to geolocation on the web triggers a scary prompt in all cases. Users will either blindly accept all requests for location, leaving them open to abuse, or they will deny all requests by default, eliminating any utility from geolocation. This has a stifling effect on greater use of geolocation on the web.

Let the user decide granularity. Let the site know the general area without prompt. Geolocation on the web is…not optimal. So many sites trying to access location, scary prompt saying that site X wants to know your location with no context as to how it will be used, and too hard to revisit the decision.

Why is it either GPS within 15 feet or nothing at all? Many people don't care if you know that they're in San Mateo (for example), but unless you're explicitly a map-related or Foursquare-type web app, exact values aren't necessary but general location is still useful.
"Site wants access to your location."
• Allow
• Allow, but not my exact location
• Deny
Geolocation on the web is underutilized because people are worried about privacy, and rightly so! Speaking for myself, I'd be happy to give a value modulo 10km as a location default in exchange for not having a web prompt. Good enough to know the city for context but inexact enough to satisfy my comfort levels for general web use.

Also useful to amend the geolocation web API to specify needed granularity: exact, within 10km, within 100k, state/province/country, etc. If all your app needs is to know which requests are coming in by state or country, the privacy implications are obviously reduced from exact location.

If any site wants to know what state I'm in, give it to them without a prompt. Exact (within 15 feet)? Prompt me.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150403/d68a03d6/attachment.html>

More information about the webkit-unassigned mailing list