ubuntu-webapps-bugs team mailing list archive
-
ubuntu-webapps-bugs team
-
Mailing list archive
-
Message #03863
[Bug 1551686] Re: browser leaks old location data to web pages
** Changed in: location-service (Ubuntu)
Assignee: (unassigned) => Alberto Mardegan (mardy)
** Also affects: webapps-sprint
Importance: Undecided
Status: New
** Changed in: webapps-sprint
Assignee: (unassigned) => Alberto Mardegan (mardy)
** Changed in: webapps-sprint
Milestone: None => sprint-20
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1551686
Title:
browser leaks old location data to web pages
Status in Oxide:
In Progress
Status in webapps-sprint:
New
Status in location-service package in Ubuntu:
New
Status in webbrowser-app package in Ubuntu:
Invalid
Bug description:
visit a web page that requests your current location, for example http
://where-am-i.net it prompts to get permission to share the current
location, hit allow and it will probably show where you were a few
hours ago as the GPS will have a cached location. Refreshing won't
update the location, only applications that subscribe to updates cause
the GPS to get a new location.
The problem here is that I authorised the web page to know where I am
now. I am OK with giving my current position to the web page
requesting it. I *didn't* authorise it to know where I was yesterday
or this morning, and I might have reasons to not want it to know where
my house is, even though I am fine with it knowing where I am right
now.
The web browser app should not reveal GPS locations that are older
than the decision to allow location to be shared with the page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1551686/+subscriptions