[whatwg] Geolocation in the browser
Ian Hickson
ian at hixie.ch
Tue Nov 25 16:54:55 PST 2008
I include below a number of e-mails sent on the topic of Geolocation and
possible things we should add to HTML5 around this. I haven't added
anything, because I the W3C's Geolocation group is already working on
providing an API for this. I encourage people who want to work on this
topic to join that group:
http://www.w3.org/2008/geolocation/
I didn't see anything in the feedback below that hasn't already been more
or less said in the context of that group, so this time I haven't
forwarded the feedback to the other group as I usually do.
On Wed, 21 Feb 2007, Ryan Sarver wrote:
>
> Hey guys. I have been watching the list for a bit and thought it was
> time for me to jump in here and kick off a discussion on
> geolocation-aware browsing. I tried to search through the archives to
> see if the discussion had come up before and didn't find anything, so
> please forgive me if it has.
>
> I am the Dir of Product Development at Skyhook Wireless where we have a
> Wi-Fi Positioning System - think GPS, but software-only and uses
> Wireless APs instead of satellites. We have been working on developing a
> plugin for Firefox that gives a website access to the user's location
> via javascript. User's can control access to this information at the
> domain level in much the same way they control cookies and popups.
>
> We have been successful in exposing it through the Javascript DOM and
> wanted to start talking with standards bodies about coming up with a
> standard implementation to make location-aware browsing common
> functionality at the browser level. I was hoping to kick off a
> discussion around possible implementations and get the community's
> thoughts on the topic.
>
> Location could be exposed through a standard Javascript object/interface
>
> var location = window.getLocation();
>
> - would it make sense to also expose it in the request headers? This
> way the server receives it on the first request as opposed to through
> the client after the initial page request
>
> User-Geolocation: 43.338018, -71.817930
>
> What are people's thoughts on location in the browser? Is the "window"
> object the right object to attach to? Im interested to hear everyone's
> thoughts...
On Wed, 21 Feb 2007, David Latapie wrote:
>
> Surely you've heard of ICBM
> (<meta name="ICBM" content="46.025507, 14.300186" />)
>
> Could elaborate on what you like and dislike on this?
On Wed, 21 Feb 2007, Ryan Sarver wrote:
>
> The ICBM standard is for geotagging the actual content whereas we are
> talking about a standard that lets the content know the location of the
> User or device so that the website can be location-aware.
>
> I want to use as much of the existing standards, but have more questions
> about where it should exist in ecosystem and how servers and webpages
> would expect to see it and use it.
On Wed, 21 Feb 2007, Ryan Sarver wrote:
>
> That's a good point. I think you're right that the "navigator" object
> might make more sense:
>
> // Example
>
> var location = navigator.getLocation();
> alert(location.latitude+', '+location.longitude);
On Wed, 21 Feb 2007, Ryan Sarver wrote:
>
> It's also important to remember that this functionality would be an
> opt-in system - unlike your cell phone :) The prototype that we are
> working on would allow the browser to point to a COM port where it could
> find a GPS device or any NMEA-compatible device or software. It would
> then read the NMEA stream over the COM port and use that to deliver the
> user's location to the website via the DOM.
>
> Our software positions you based on WiFi triangulation and can emulate a
> GPS device by streaming NMEA over a virtual COM port so that the user
> wouldn't need to have a dedicated GPS antennae.
On Wed, 21 Feb 2007, Ryan Sarver wrote:
>
> I hear you ... the idea is really two fold -- the first part is to
> standardize how web applications access the location information,
> regardless of how it is determined. The second is to offer a standard
> way of different location acquiring technologies -- GPS, Wifi
> positioning, geocoding an user-entered address, etc -- to deliver
> location to the browser. In this case I am proposing using the NMEA
> standard as it is well documented and would allow for compatibility with
> existing GPS devices.
>
> I agree, there are very few GPS-enabled laptops - in fact the only one I
> know if us a UMPC - but there are a lot of Bluetooth capable laptops and
> Bluetooth antennas to provide the location. There are also solutions
> like ours at Skyhook that are software-only and would allow people to
> immediately begin to provide their location to the browser via a simple
> download.
>
> This would all obviously be configurable in the UA...
On Fri, 23 Feb 2007, Dave Raggett wrote:
>
> Following on from Michael Smith's email on proosed W3C work in this
> area, I thought it might be helpful to provide a litte context.
>
> There is a great deal of interest in location based web applications and
> the challenge is how to expose this to browsers in a way that is
> independent of how the location is determined. Web applications may need
> control over what format the information is provided, and how often it
> is updated when the device is moving.
>
> There are obviously lots of security concerns over location and this is
> part of a broader context of giving web applications richer access to
> device capabilities. A common approach is to ask the user for permission
> each time the application is run. That raises usability concerns, such
> as is the user able to discern whether the application is bona fide
> website or whether it is a phishing site masquerading as a bona fide
> website. This is a real problem for desktop browsers and is likely to be
> an even greater challenge on the smaller displays on mobile devices.
> Walled gardens provide a partial solution, but don't scale to the
> Internet as a whole.
>
> W3C's April 2006 workshop on transpency and usability of web
> authentication looked at some of the issues, see:
>
> http://www.w3.org/2005/Security/usability-ws/report
>
> We are now planning a further workshop for June 5-6 in Dublin, Ireland
> to follow up with a broader look at the issues involved in declative
> models of distributed web applications. A public call for papers will be
> issued in the near future. An brief outline is given at:
>
> http://www.w3.org/2006/10/uwa-charter.html#workshops
On Thu, 22 Feb 2007, Ryan Sarver wrote:
>
> Since I am a newbie in this regard, what do you think about passing
> something like User-Geolocation in the header of the request so that the
> server has access to the information as well?
>
> Obviously this is subject to some settings and privacy control on the
> UA, but it would allow the server to process the initial page content
> based on the user's current location.
On Wed, 21 Feb 2007, Henri Sivonen wrote:
>
> My first thought is that it is a privacy problem. And per-site
> configurability of the exposure of location data is a user interface
> problem.
On Wed, 21 Feb 2007, Ryan Sarver wrote:
>
> There are obvious privacy concerns -- I feel they can be alleviated with
> the proper level of control for the user. Currently in our prototypes,
> the browser prompts the user for each request, which they can allow or
> deny and then remember that preference for subsequent requests from that
> domain. What type of privacy control are you envisioning?
>
> As for a user-interface problem, its not much different than the
> allowing / blocking of popups on a per-domain basis. There are
> definitely existing standards to piggy-back ontop of in terms of UI
> controls and dialogs.
On Thu, 22 Feb 2007, Ryan Sarver wrote:
>
> One of the other options we have is to reverse-geocode the lat/lon and
> then return different levels of granularity based on that information
>
> 42.351036, -71.049378 = 332 Congress St, Boston, MA 02210
>
> So sites like fandango that would only require a zipcode, we would only
> need to provide them a zipcode.
>
> The biggest problem with this implementation is that it requires an
> additional service on top of standard GPS. We have it built into our
> service, but adding it on top of GPS becomes a hurdle. We have also
> found that most users don't actually worry too much about the
> specificity of the location depending on the use-case. Most of the time
> they are more worried about the binary allow/deny of their location.
>
> I think it makes sense as a first revision to just piggyback on NMEA and
> just do a straight pass through of that information, with some possibly
> fuzzying logic within the browser.
On Thu, 22 Feb 2007, Gervase Markham wrote:
>
> I wasn't envisaging any geocoding services. In my example, the address
> would be one the user had entered, and (assuming the machine has GPS at
> all) the browser had remembered as being at particular GPS coordinates.
> For desktop machines which never move, the browser may well have
> geocoded a typed-in address once and stored the lat/long to give to
> websites.
>
> If the machine has GPS, the default option in the dropdown might be
> "Here: <lat>, <long>". But there would be other options. I think it's
> important that the user be able to give a location other than his
> current one - for example, if he's at work, but looking for the closest
> pizza restaurant to his home.
>
> The "granularity" setting is for privacy; I was imagining that the
> browser would round the actual value to the nearest whatever was
> appropriate, in order to introduce the necessary degree of uncertainty.
On Thu, 22 Feb 2007, Ryan Sarver wrote:
>
> Gerv, this is great feedback. I agree that it's important to think of
> fixed devices also being able to produce location information,
> especially without needing any type of location-sensing hardware or
> software.
>
> In terms of user's being able to give different addresses, I feel that
> is the job of the app itself. The browser should provide the location of
> the UA based on the user's privacy settings, and then it would be up to
> the app as to how they use it and give the user options on how to change
> or use that location. I think this is simple enough as instantiating a
> form with your current location, but letting users change that for
> subsequent requests. Or in the case of Yahoo Local, the drop down could
> have the following options: "Your Current Location, Home, Work, etc"
>
> Re: granularity - I agree that's a simple and functional way of
> "fuzzying" location.
On Thu, 22 Feb 2007, James Graham wrote:
>
> Something slightly relevant has been discussed in the context of wf2 [1]
>
> [1] http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2004-June/000149.html
On Thu, 22 Feb 2007, James Graham wrote:
>
> I believe the Apple iPhone is supposed to expose some sort of
> geolocation data. If it is half as popular as the hype suggests it may
> be, I suggest we try to standardise whatever Apple have done (assuming
> it is sensible, and they haven't managed to get some absurd patent, of
> course) since it is likely to become a defacto standrd that websites
> will adopt and other devices will copy.
On Thu, 22 Feb 2007, Kornel Lesinski wrote:
>
> For some applications location given in format other than lat/long may
> be more useful and less privacy-sensitive.
>
> For example name of the city might be good enough if you order a cab
> from a nationwide company.
>
> Postcode would be easiest way to integrate location API with existing
> services (especially via userjs/greasemonkey, where using
> location->postcode database may be difficult).
>
> Additionally city/postcode information may be provided to desktop
> browsers by the user (for example Opera collects that information
> already).
>
> Also different applications may be satisfied with different precision of
> location (searching for nearest airport vs nearest starbucks :)
>
> There's also privacy problem with giving too precise location and
> usability problem with asking for user's permission every time.
>
> My proposal is:
>
> use navigator.getGeolocation instead of window.getLocation to avoid
> conflicts with existing functions (window object is a global namespace
> in JS) and to avoid confusion with window.location object.
>
> navigator.getGeolocation() would return location with best precision
> allowed by default (without asking user every time). If user set in
> preferences that every page can get location with 10km precision, that
> would be returned.
>
> navigator.getGeolocation(100) would request location that has precision
> of 100m or better. If user's default allowed precision is lower than the
> specified one, browser would ask for permission. Browser would be
> allowed to return location with lower precision than requested (if it
> doesn't have information precise enough or because user decided so).
>
> The function would return an object, which could be queried about
> various aspects of the location - name of the city, postcode, but also
> precision of location given (so applications would know if user is
> really exactly in the middle of the city or if browser only knows the
> city name).
On Fri, 23 Feb 2007, Gervase Markham wrote:
>
> The privacy-sensitivity problem can be easily dealt with by reducing the
> accuracy of the lat/long given.
>
> > For example name of the city might be good enough if you order a cab
> > from a nationwide company.
> >
> > Postcode would be easiest way to integrate location API with existing
> > services (especially via userjs/greasemonkey, where using
> > location->postcode database may be difficult).
>
> The problem with suggestions like this is that they require geocoding on
> the server side. Geocoding services are not always readily available;
> there's no free, unencumbered implementation I know of. And you need a
> different database for every country.
>
> I guess I don't object to the browser returning this information
> additionally if it knows it - but lat/long should be the baseline,
> always-present info.
On Sat, 24 Feb 2007, Steve Runyon wrote:
>
> What if the navigator object offered multiple geolocation-related
> values, and the user could select which one to provide either globally
> or on a per-site basis?
>
> For example:
> .latLong = latitude and longitude within the mininum available error radius
> .latLongApprox = latitude and longitude within a user-defined error radius
> .postalCode = the current postal code
> .municipality = the current town/city (useful? compare Cairo, Egypt and
> Cairo, Georgia, US)
> .state = state/canton/etc.
> .country = country
>
> If postalCode, municipality or state is provided, country is always also
> provided to enable the server to look up the corresponding geographic
> area.
On Sat, 24 Feb 2007, Kornel Lesinski wrote:
>
> But what about browsers that don't have access to GPS device nor
> geocoding service? These browsers could still return city and postcode
> information provided by the user and that could be enough for many
> applications (nearest branch locators, etc.).
On Sat, 24 Feb 2007, Kornel Lesinski wrote:
>
> Ofcourse there should be option to ask every time, but it can't be the
> only option. Some users may prefer not to be bothered and have
> location-based services just working. Also there are IP<>geo databases,
> so some users may want to allow giving away information that has
> approximately same accuracy.
On Sun, 25 Feb 2007, Gervase Markham wrote:
>
> Every browser should be able to get access to a geocoding service once
> or twice, I think. It's the bulk use that would be needed for server
> operators that's harder to get.
>
> So if the user types in an address, the browser would use any number of
> services to geocode it once - obviating the need for every server they
> interact with to do it again and again.
On Sun, 25 Feb 2007, Charles McCathieNevile wrote:
>
> Not necessarily. It's sort of like the accuracy of Google - most of the
> time you get the right language, but every so often it's just totally
> b0rken. So while it is a useful guess, you would want to know what the
> browser is going to submit. And often it is around the country level of
> accuracy.
On Fri, 23 Feb 2007, Ryan Sarver wrote:
>
> I agree with you on the idea of not always using lat/lon as the returned
> data -- this is how we have it implemented in the upcoming version of
> Loki to test it out. The inherent problem with this model is that
> reliance on a reverse-geocoding service to provide that kind of
> information. If we want to allow existing GPS and NMEA-supporting
> devices to play in this world, we would need a reverse geocoding service
> to supplement the lat/lon. Its interesting to think about, but I don't
> know if its feasible on a broad level.
On Fri, 23 Feb 2007, Michael(tm) Smith wrote:
>
> The W3C has some ongoing and planned work related to this. One of the
> stated aims of the W3C work is:
>
> Develop proposals for remote eventing, device coordination, and
> safe and secure access to device capabilities, including
> physical sensors and effectors
>
> Specific upcoming events related to that work include:
>
> - Ubiquitous Web Day at XTech (mentioned in my previous message),
> to take place at XTech in Paris on May 15th. Open to anybody
> attending XTech
>
> - Workshop on Declarative Models of Distributed Web Applications,
> to take place in the first week of June in Dublin. The Call
> for Participation for that will go out some time next month.
>
> In the mean time, there are a couple of documents at the W3C site you
> might want to look at.
>
> The first document is a proposed activity statement for a new
> "Ubiquitous Web Applications" W3C Activity:
>
> http://www.w3.org/2006/10/uwa-activity-proposal.html
>
> And the other document is a proposed charter for a new Working Group:
>
> http://www.w3.org/2006/10/uwa-charter.html
>
> Especially you might want to look at the "Leverage the DCI for
> work on enabling use of device capabilities, remote eventing and
> device coordination" section of the charter:
>
> http://www.w3.org/2006/10/uwa-charter.html#dci
>
> And within that, the following:
>
> Enabling use of Device Capabilities
> http://www.w3.org/2006/10/uwa-charter.html#device-capabilities
>
> The section of the charter outlines this new work can make use of
> previous work that was done at the W3C on the "DCI", which is
> documented in the following W3C Candidate Recommendation:
>
> Delivery Context: Interfaces (DCI) Accessing Static and Dynamic Properties
> http://www.w3.org/TR/DPF/
Cheers,
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list