Tuesday, October 14, 2008


Geode is a Firefox extension for geolocation.

As I understand the process, whenever a web site indicates it's looking for your location , the extension uses a W3C location API to query Skyhook Loki, which determines your location from WiFi triangulation.

Once Geode has your location from Loki, it shares it with service providers, like a sample FoodFinder


Before sharing with an SP, Geode asks you for your granularity privacy policy.

On two separate trials visiting Yahoo FireEagle, I specified 'Exact Location' and 'Neighborhood'.

For the latter, FireEagle appeared to know my location to the same accuracy as for the former, even though I specifically did not select the 'Remember my decision' box.

The same experiment for the FoodFinder app worked, so it would seem FireEagle is doing its own tricks to remember.

For many applications, ultimately more important than a user's location (whether obfuscated or not) is whether they are near to some particular place. The privacy principle of minimal disclosure would argue that if the SP really doesn't need the full location, but only a yes/no to a question of 'Is he within 2 km of X'?, then they shouldn't get the full location.

I don't see support for this sort of 'test position' method in the W3C API.

1 comment:

Robert said...

Right. And why did we need a new API, when the same (and more) could be achieved by adding PAOS support to the browser and a (truly plugable) module that would actually get the geolocation?
Then browser implementers can add privacy support/logic as they please. W3C could then even have some fun meetings to specifiy an API that would allow for privacy plugins, opening a whole new market!