The W3C's Geolocation API may rapidly standardize the transmission of location information on the Web, but, in dealing with such sensitive information, it also raises serious privacy concerns. We analyze the manner and extent to which the current W3C Geolocation API provides mechanisms to support privacy. We propose a privacy framework for the consideration… (More)
Security and privacy issues for <i>Location-Based Services (LBS)</i> and geolocation-capable applications often revolve around designing a <i>User Interface (UI)</i> such that users are informed about what an application is doing and have the ability to accept or decline. However, in a world where applications increasingly draw on a wide variety of LBS… (More)
Relying on non-enforceable normative language to persuade Web sites to make their privacy practices clear has proven unsuccessful, and where privacy policies are present, they are notoriously unclear and unread. Various machine-readable techniques have been proposed to address this problem, but many have suffered from practical difficulties. We propose a… (More)
Microsoft has proposed an identity metasystem to standardize identity services and the principles behind them. A location metasystem can support interoperation between location services, protect users' privacy and handle issues of granularity. The simple OAuth protocol may be a good model for working towards a location metasystem.
One critique of Privacy-by-Design has focused on its lack of concrete guidance for implementation. We have proposed privacy design patterns (drawing from architectural design patterns and object-oriented programming design patterns) as documentation that can be more directly applicable and have established a site to coordinate collaborative development of… (More)