Hacker News new | comments | show | ask | jobs | submit login

> "Don't give this app location data"

Sure, that case is somewhat more simple, but that's rarely what most people actually want. What most people actually want is to sometimes hide their location from most things when it's sensitive and leave the phone and most apps free to know when it's not.

I think they need to actually support the types of location privacy preferences users are going to want if they want to do location privacy correctly.

What you describe is an advanced feature (geo-fencing).

What I describe is a simple bug; a defective on/off-switch.

When I ask you to not give anyone my address, yet you give everyone access to a drawer full of documents that you annotated with my address, then you can hardly claim to have taken my request seriously.


Do you want the system to edit out an address in a photo if someone takes a picture of a building that has an address on it? Do you want the system to remove EXIF data from images that didn't come from the camera? Do you want the system to remove location information from other files? Do you want the system to remove access to the IP and wifi information so that apps can't trace using that? Do you want the system to proxy requests from those apps so that other people can't trace your location from web requests submitted by those apps?

The on/off switch was originally designed for whether or not you wanted to give the app access to GPS information. Some people say no simply to save power. EXIF data and other types of data which can be used to identify your location are different.

If you want controls over location privacy you should build real controls over location privacy, not pretend that a control that's displayed only once the first time you use an app and only for apps that access GPS-like information is a location privacy control.

It's not.

You can identify a location from a bunch of different types of data. If you want to fix the bug you need an actual fix and that requires a better location privacy control.

(Also if you answered no to all of those questions at the beginning of my post, I'd bet you'd change your tune in an instant if someone at Path simply reprogrammed their stuff to geotag based on a geoip lookup from your submission. Then you and others would probably say that this control is supposed to prevent that type of location data too.)


Do you want [...]

No. I have stated explicitly what I want and only one of your points (strip location data from files that the phone created) was part of it.

Btw GeoIP is not equivalent to a GPS tag and rather useless on mobile IPs. Try looking up your own if you don't believe.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact