Bug 143390 - Geolocation Access Controls Not Sufficiently Granular
Summary: Geolocation Access Controls Not Sufficiently Granular
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: UI Events (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Enhancement
Assignee: Nobody
Depends on:
Reported: 2015-04-03 15:44 PDT by Miles Elam
Modified: 2015-04-04 18:54 PDT (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Miles Elam 2015-04-03 15:44:03 PDT
JavaScript access to geolocation on the web triggers a scary prompt in all cases. Users will either blindly accept all requests for location, leaving them open to abuse, or they will deny all requests by default, eliminating any utility from geolocation. This has a stifling effect on greater use of geolocation on the web.

Let the user decide granularity. Let the site know the general area without prompt. Geolocation on the web is…not optimal. So many sites trying to access location, scary prompt saying that site X wants to know your location with no context as to how it will be used, and too hard to revisit the decision.

Why is it either GPS within 15 feet or nothing at all? Many people don't care if you know that they're in San Mateo (for example), but unless you're explicitly a map-related or Foursquare-type web app, exact values aren't necessary but general location is still useful.
"Site wants access to your location."
• Allow
• Allow, but not my exact location
• Deny
Geolocation on the web is underutilized because people are worried about privacy, and rightly so! Speaking for myself, I'd be happy to give a value modulo 10km as a location default in exchange for not having a web prompt. Good enough to know the city for context but inexact enough to satisfy my comfort levels for general web use.

Also useful to amend the geolocation web API to specify needed granularity: exact, within 10km, within 100k, state/province/country, etc. If all your app needs is to know which requests are coming in by state or country, the privacy implications are obviously reduced from exact location.

If any site wants to know what state I'm in, give it to them without a prompt. Exact (within 15 feet)? Prompt me.