ubuntu-webapps-bugs team mailing list archive

[David Barth <david.barth@xxxxxxxxxxxxx>]

** Changed in: location-service (Ubuntu)
     Assignee: (unassigned) => Alberto Mardegan (mardy)

** Also affects: webapps-sprint
   Importance: Undecided
       Status: New

** Changed in: webapps-sprint
     Assignee: (unassigned) => Alberto Mardegan (mardy)

** Changed in: webapps-sprint
    Milestone: None => sprint-20

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1551686

Title:
  browser leaks old location data to web pages

Status in Oxide:
  In Progress
Status in webapps-sprint:
  New
Status in location-service package in Ubuntu:
  New
Status in webbrowser-app package in Ubuntu:
  Invalid

Bug description:
  visit a web page that requests your current location, for example http
  ://where-am-i.net it prompts to get permission to share the current
  location, hit allow and it will probably show where you were a few
  hours ago as the GPS will have a cached location. Refreshing won't
  update the location, only applications that subscribe to updates cause
  the GPS to get a new location.

  The problem here is that I authorised the web page to know where I am
  now. I am OK with giving my current position to the web page
  requesting it. I *didn't* authorise it to know where I was yesterday
  or this morning, and I might have reasons to not want it to know where
  my house is, even though I am fine with it knowing where I am right
  now.

  The web browser app should not reveal GPS locations that are older
  than the decision to allow location to be shared with the page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1551686/+subscriptions