Use Case (website visitor): View your current location on the map, without sharing with the website #75
Comments
Whoops. I missed that you had opened this & created another one with the same reference: #91. That's specifically about adding the reference & some points it makes to the principles used for assessing/tagging different capabilities. Talking specifically about the use case you brought up: would you consider this a distinct use case ("incognito map browsing mode"), or would you consider the use case to be geolocation & privacy to be a requirement of doing it properly?
I think sometimes the user will want to share their location with a Web site, in the belief that the Web site is trustworthy. However sometimes, the user just wants to see where they are on a map, and they shouldn't have to disclose their precise location to anybody including a tile provider. I'm sure there are limits to how well you can cloak where you are when you zoom in on a particular map tile, but there could be techniques (at the expense of more bandwidth consumption, perhaps) that obfuscate where you actually are by loading random tiles away from your actual location. I'm sure I haven't considered everything, it was just the idea of script being the main vector for exfiltrating stuff about you, being the only way to trigger geolocation that seemed wrong to me.
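The decoy-tile idea raised in the comment above, and one of the limits it anticipates, as an added example that is not part of the original thread. It assumes the common XYZ ("slippy map") Web Mercator tile scheme, which the thread does not name; all function names are hypothetical and the PRNG is seeded only to make the run reproducible.

```javascript
// Added example: decoy-tile cloaking and what a tile server can still infer.
// Assumption: XYZ Web Mercator tiles addressed as zoom/x/y.

// Convert a WGS84 position to XYZ tile indices at a zoom level.
function tileFor(lat, lon, zoom) {
  const n = 2 ** zoom;
  const latRad = (lat * Math.PI) / 180;
  const x = Math.floor(((lon + 180) / 360) * n);
  const y = Math.floor(
    ((1 - Math.log(Math.tan(latRad) + 1 / Math.cos(latRad)) / Math.PI) / 2) * n
  );
  const clamp = (v) => Math.min(n - 1, Math.max(0, v));
  return { x: clamp(x), y: clamp(y) };
}

// Small seeded generator (mulberry32-style) so results are repeatable.
function prng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Tile keys the UA would request: the real tile plus `decoys` random tiles.
// Sorted so that request order does not reveal which key is the real one.
function cloakedRequest(lat, lon, zoom, decoys, rand) {
  const n = 2 ** zoom;
  const real = tileFor(lat, lon, zoom);
  const keys = new Set([`${zoom}/${real.x}/${real.y}`]);
  while (keys.size < decoys + 1) {
    keys.add(`${zoom}/${Math.floor(rand() * n)}/${Math.floor(rand() * n)}`);
  }
  return [...keys].sort();
}

// Server-side view: the tiles that appear in every observed batch.
function intersect(batches) {
  return batches.reduce((acc, b) => acc.filter((k) => b.includes(k)));
}
```

If the decoys are re-drawn on every fetch, intersecting two batches for the same position leaves the real tile, so decoys would need to stay stable for as long as the position does.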
Of course if JavaScript is enabled, and there is a real live map in the page, it's trivial to get the location of the map centre.
OK, updated the issue title to describe this as a use case.
I don't understand how this could possibly work.
What's implausible? The idea is that the UA could supply a button for turning on gps location that wasn't tied to a scripted use of navigator.geolocation.getCurrentPosition. The map could track the location returned as if the user was using a mouse or keyboard to use the map.
Not sharing the location with the website means that the user must disable JS, there has to be a built-in map widget in the browser that does not fetch any layers or any other data as you pan the map, CSS is not allowed to "know" (through selectors) which part of the map is currently visible (since it could fetch something i.e. notify the website)...
Let's say JS is on. The map widget would provide a native control that turns the map into "location sync mode", but what about that mode would look different to the server than the user moving the map with a keyboard or mouse pointer? I realize that the center of the map is somewhat deducible by the resources that are requested, but the center doesn't have to be the user's location, to the knowledge of the web site. Further, the resources could all be fetched from cache for such a mode (perhaps).
There's a somewhat related WICG topic: https://discourse.wicg.io/t/fuzzy-geolocation-improve-privacy-and-security/4822. There's of course a difference between "without sharing location" and obfuscating the part which the user is viewing by e.g. fetching out of view tiles.
@prushforth ok, then it's not without sharing the user's location with the website, it's more the website may not be able to tell if it's the user's location or the user is navigating the map. If JS is on, then the website can absolutely tell if the map is moving because of keyboard or mouse pointer actions, because of events. Further, I assume a web map element would have some API to expose to the page what is currently shown on the map, since many use cases need that (e.g. Display custom web content describing map features), therefore the page knows what's on the map even if no tiles or all tiles are fetched.
Sure
Yes, the DOM would provide ample location and content information about what's in the map. I will just hold out a sliver of hope for a user agent behaviour that could help the user avoid being tracked, as opposed to knowing what they are looking at. It's like the difference between knowing what the user is reading, vs knowing what they are thinking or doing while they are reading it |
Just to note that a WebKit proposal mentions a similar consideration for viewing 3D models:
This issue is for discussion of the use case “View the current location on a map, without disclosing to the website”, its examples & list of required capabilities.
Re: https://www.w3.org/blog/2019/06/privacy-anti-patterns-in-standards/
The use case might be something like (for discussion): allow the user to enable "private" geolocation on the browser and so discover her location on a map, without disclosing that location to the web site. Such a feature would / should not require script to be enabled in order to function.