Privacy/Reviews/GeolocationAPI: Difference between revisions



====Principle: Transparency / No Surprises====
(How the feature addresses this)
This feature prompts users before giving content access to the geocoding API. Users who have already allowed the current page to obtain their location through the other geolocation API will not be prompted, since they have already authorized location services on the current page.


''Recommendations'': We should let the user know that this function MAY involve the data associated with their location(s) (i.e. from geo-tagged photos, etc.).
''Recommendations'': Let the user know that this function MAY involve the data associated with their location(s) (i.e. from geo-tagged photos, etc.). Update the prompt message to say this.
 
{{ResolutionBox|{{new|}}}}




====Principle: Real Choice====
This feature will prompt the user for permission for use of this feature through use of an on-screen prompt. The prompt is simple and allows the user to continue using the current web site without granting access to this service.


''Recommendations'': We plan to ask the user for permission for use of this feature through use of an on-screen prompt. Whether this is appropriate for this feature still needs to be discussed.
''Recommendations'': None.


====Principle: Sensible Defaults====
This feature is disabled by default, and when a site requests access, the user will be asked for permission. The prompt is tied into the other geolocation services too: the user will be prompted only once per site per session (so there will not be a flood of prompts for each call to this API). The effect is that the user will be prompted once to allow a site to access location services, then not again for that session on that site.


''Recommendations'': No real defaults are involved, since we plan to ask permission for this feature. If future plans don't involve this process, then the default will be to allow reverse geocoding of locations, since the location itself may be arbitrary and most likely poses no risk to the user. Again, we need to discuss this point.
''Recommendations'': None.
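The per-site, per-session prompting described above, modelled as an added example. This is illustrative code written for this review, not Firefox's implementation: the site origin, the prompt callback and the location provider are assumed interfaces, and the only point it demonstrates is that the decision is asked for once per origin per session, that a denial leaves the site working without location data, and that both the decisions and any delivered location live in memory and vanish when the session ends.

```javascript
// Added illustrative model of the review's permission behaviour (not Firefox
// code). Assumptions: `origin` is the site's origin string, `promptFn(origin)`
// models the on-screen prompt and returns true for "allow", `provider()`
// returns whatever location/address object the feature would deliver.
class LocationSessionState {
  constructor() {
    // origin -> "allow" | "deny"; held in memory only, dropped with the session
    this.decisions = new Map();
    // origin -> last location delivered to that site; memory only, never persisted
    this.lastLocation = new Map();
    this.promptCount = 0; // lets us verify there is no flood of prompts
  }

  // Ask the user only if this origin has no recorded decision yet in this session.
  request(origin, promptFn) {
    if (!this.decisions.has(origin)) {
      this.promptCount += 1;
      this.decisions.set(origin, promptFn(origin) ? "allow" : "deny");
    }
    return this.decisions.get(origin) === "allow";
  }

  // Deliver location data only while permission stands; a denied site gets null
  // and keeps working without it ("Real Choice").
  deliver(origin, promptFn, provider) {
    if (!this.request(origin, promptFn)) return null;
    const location = provider();
    this.lastLocation.set(origin, location);
    return location;
  }

  // End of session: nothing survives, matching the in-memory-only requirement.
  endSession() {
    this.decisions.clear();
    this.lastLocation.clear();
  }
}

// Constructed walk-through: one site the user allows, one the user denies,
// each calling the API twice. Returns a summary so the behaviour can be checked.
function runScenario() {
  const state = new LocationSessionState();
  const askUser = (origin) => origin === "https://maps.example"; // constructed decision
  const fakeProvider = () => ({ lat: 51.5, lon: -0.12 });         // constructed sample

  const allowedFirst = state.deliver("https://maps.example", askUser, fakeProvider);
  const allowedSecond = state.deliver("https://maps.example", askUser, fakeProvider);
  const deniedFirst = state.deliver("https://tracker.example", askUser, fakeProvider);
  const deniedSecond = state.deliver("https://tracker.example", askUser, fakeProvider);
  const promptsDuringSession = state.promptCount; // expect 2: one per site, not per call

  state.endSession();
  return {
    allowedFirst,
    allowedSecond,
    deniedFirst,
    deniedSecond,
    promptsDuringSession,
    retainedAfterSession: state.decisions.size + state.lastLocation.size, // expect 0
  };
}

console.log(JSON.stringify(runScenario()));
```

The thing to check when verifying the real feature is the same as what `promptCount` and `retainedAfterSession` capture here: repeated calls from one site within a session must not re-prompt, and nothing about the grant or the location should be recoverable once the session is gone.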


====Principle: Limited Data====
The data shared with 3rd-party platforms is only the bare minimum needed for the services requested. All other location data held by the browser is stored only in memory (not on disk).


''Requirement'': store addresses and longitude/latitude coordinates in volatile memory only (not on disk or in cache).


''Recommendations'': The data shared with 3rd-party platforms is only the bare minimum that can be shared. All other location data that is stored is handled by the Firefox browser itself, and is our responsibility.
{{ResolutionBox|{{new|verify that location data encountered by this feature is kept in memory only (not on disk).}}}}


= Follow-up Tasks and tracking =