[whatwg] Geolocation API Proposal
aa at google.com
Fri Mar 21 09:51:28 PDT 2008
On 3/21/08, Shyam Habarakada <shyamh at microsoft.com> wrote:
> If the container page/site is able to access location via any of these mechanisms, there is little to nothing that the user-agent can do to prent that site from forwarding the information to an ad provider. In other words, the privacy concerns around location cannot be solved with just technical solutions and would require the implementation and adherence to policies that protect the end-user.
There's a difference between a page forwarding private info to third
parties and the third parties just getting the private info for free.
In our proposal, we mention getting user permission before sharing the
location details with the application, or even giving them an option
to provide only approximate location. That is another reason why it is
useful to have an explicit method to start the API.
Perhaps you could do something similar with the HTTP mechanism, but I
don't know how, exactly.
Another issue with the HTTP headers approach is that it doesn't seem
like a natural fit for offline-enabled web apps that want to use the
location info offline.
More information about the whatwg