A True Test for the Location-Enabled Web
In advance of Facebook’s annual developer conference next month, reports have begun to materialize about a seminal new feature that the social networking service may roll out: location sharing. Although there’s no official word from the company yet, the speculation is that Facebook will be introducing features that allow users to share their current location with their friends and allow applications developers to offer location-based services to Facebook users.
If the rumors are true, this will no doubt represent a watershed moment for the nascent location-enabled Web. With hundreds of millions of users who log on each day, the potential for a dramatic increase in the amount of location information shared online is sweeping. Because so many Facebook users access the site from mobile devices like smartphones and laptops that can be automatically located based on wireless signals or GPS, it’s not hard to imagine location data quickly and automatically populating news feeds, wall posts, and posted photos.
How Facebook decides to incorporate privacy protections into its new location features will have an obvious impact on whether the Facebook user community embraces location-sharing. Unfortunately, the story of location privacy on the Web thus far hasn’t quite been a fairytale.
Last summer, the World Wide Web Consortium (W3C) – the world’s leading technical web standards organization – published a draft standard that allows any website to request a Web visitor’s location using only a few simple lines of code. The draft was published after a long and controversial deliberation about user privacy. CDT, among others, had advocated for the somewhat novel approach to privacy that has been standardized by the Internet Engineering Task Force (IETF), another leading Internet standards body. The IETF’s location-related work aims to change the historic reliance on privacy policies set by service providers by allowing users to specify the rules that govern the use and retention of location information about them.
But in an effort spearheaded by the leading browser vendors (including Opera, Mozilla, and Apple), the W3C rejected the IETF approach and instead opted to continue to leave it up to individual service providers’ privacy policies as the only mechanism governing location privacy. The W3C location standard urges developers to respect privacy, but includes no technical steps that would force developers to do so.
When the standard was released, it remained to be seen whether Web sites would respond to the draft’s suggestions about how service providers could improve their privacy practices. A revealing report recently published by researchers at UC Berkeley shows that many Web sites have failed to implement the privacy guidelines outlined in the standard.
The Berkeley researchers crawled a fractional subset of the Web and evaluated the Web sites they found that implement the W3C location standard; they additionally evaluated sites that they knew about that had implemented the standard, independent of their crawl. But even in their small sample, they found few sites that offer any privacy protections at all: some have no privacy policies whatsoever, others fail to mention location in their privacy policies, and not a single site provides a clear and conspicuous disclosure to users prior to requesting their location. This means that the common user experience is likely to be a dialogue box that takes over the screen of their mobile device and forces them to make a binary choice about whether to share their location, without providing them with any other information to help them make the decision.
This take-it-or-leave-it approach to privacy hasn’t worked for other kinds of information sharing on the Web, and it won’t suffice for location. As it stands, Web users are left without even the most basic of protections -- transparency -- to say nothing of all the other kinds of protections that are lacking (location granularity controls and access to location histories are two that come to mind immediately). We hope that as the Web’s most popular sites, including Facebook, become location-enabled, they realize that users deserve better, and than the sensitivity of location information demands that the web privacy paradigm be rewritten.
[CDT Staff members John Morris and Erica Newland contriubted to this article.]