[Info-vax] VMS Server and WebApp future and People Power

[David Froble]

Richard Maher wrote:
> On 19-Feb-16 7:46 PM, IanD wrote:
>>
>> Is there a summarised version?
> 
> Sadly no. Thanks for trying but this is a brown-field development with
> bagage.
> 
> 
>> Is it basically the battle between those that believe the phone is
>> the almighty center of the universe and all right there-in belong to
>> the user of the device and the other camp who believe in trust of the
>> programmer to always do the right thing and not actually keep
>> tracking users when they have closed a given app ?
> 
> No.
> 
> It's a battle between those that think a limited number of geofences of 
> limited size that only manifest at the client are capable of satisfying 
> user/device tracking requirements and those that can see.
> 
> 
>> I would fall into the camp of not wanting to be tracked, period. If
>> I've shit down an app I don't want it keeping tabs on where I am on
>> the sleigh no matter what permissions I gave the app at install. If
>> i've shut something down it needs to be dead, not play dead
>>
> 
> Good! No worries. Users like you turn off GeoLocation in Settings and 
> don't have to worry about it again.
> 
> Users now have geolocation while their app is running in foreground and 
> not while sleeping. That's enough for some apps/users and they have to 
> approve the Web App the first time and after that App Settings are 
> required.
> 
> NB. CURRENTLY FireFox and the Android Browser permit the 
> standard/ubiquitous Navigator.GeoLocation.watchPosition() to continue 
> running even though the user has left the App. See bugs (just skip to 
> the end for my concerns): -
> 
> https://bugzilla.mozilla.org/show_bug.cgi?id=1216148
> https://bugzilla.mozilla.org/show_bug.cgi?id=784505
> 
> But then there are one or two people who want to track their bike ride 
> or jog or want to see their mates on Social Networking or where their 
> pizza is. It is this demographic that I wish to appeal to.
> 
> What would they require to satisfy them that they are fully informed 
> about and in control of an app tracking them in the background?
> 
> What we have now and some other suggestions: -
> 
> User-empowerment, transparency, and governance as at now: -
> 1) User permission must be explicitly granted before GPS is accessible.
> 2) While GPS is being watched, even in background, the circles/ripples 
> icon cue is visible to user on the device.
> 3) The underlying Service Worker architecture mandates the use of 
> secure/authenticated httpS communication.
> 4) The user can be 100% sure tracking is off by simply closing the 
> browser on their device.
> 5) The manifest-resident gcm_sender_id (Google Project Id) can be 
> revoked/voided if a site is behaving badly
> 
> Further Options: -
> 1) Only permit background/service-worker GPS access if the Web App is 
> installed/home-screened?
> 2) If a single GPS permission will cover both background and foreground 
> access, then put a link on the permission-toast pointing to the Faustian 
> details?
> 3) Use a new icon, perhaps an eye or a doughnutted version of the 
> current GPS ripples? Pulse the icon?
> 4) When the device goes to sleep when a Web App is still watching GPS, 
> or simply backgrounds or minimizes a device-tracker, it should make a 
> sound and or vibrate as a non-visual cue that tracking is ongoing?
> 5) When a device is reawakened or a device-tracking app is brought back 
> to the foreground, then a notification must be sent to the user "This 
> App continued to monitor your location in the background". The 
> "Settings" icon on the message could facilitate "Prevent this app from 
> tracking in the background" Forever/Just once.
> 6) Like the Push API the default must be DO NOT track in the background. 
> If the user chooses the individual APP settings then they can turn it on?
> 7) Prevent an App from being backgrounded unless user confirms they are 
> happy for it to keep tracking.
> 
> Look sorry for being wordy again but it is a wordy topic and I'm trying 
> to get people up to speed as quickly as possible.
> 
> Note: This is not a case of Richard's idea or nothing. As I said before 
> this would be a brown-field development: -
> 
> Similar conundrums so that Service Worker GPS is not singled out 
> unfairly: -
> 
> 1) Firefox currently continues to process watchPosition events in 
> background
> 2) All browsers except IE and Chrome continue to watchPosition when 
> phone is locked but browser tab in foreground.
> 3) The proposed WAKE-LOCK and CPU-LOCK will backdoor user-tracking
> 4) The proposed GeoFence API, as it stands, will be another backdoor to 
> user tracking
> 5) Native Apps can do this with impunity
> 6) Push Messages must be required to trigger a notification so as not to 
> be silent/stealthy.
> 7) Geofencing is still tracking! Knowing when my next victim leaves 
> their house each Tuesday is still an intrusive invasion of one’s privacy 
> if it has not been sanctioned. Surely the degree of “badness” is not the 
> issue here?
> 8) Speech synthesis API and microphone access
> 
> Hope this helps and thanks again for the interest!

Interesting synopses ..

(Did I spell that correctly?)

In the world that we have evolved to, there seems to be a bunch of "the user is 
too dumb to use this device properly" and such, and developers therefore make 
decisions which sometimes a user doesn't know about, nor can the user change 
some things.

There are plenty of users who like things that way.  If you gave them some 
descriptions of what's going to happen, they wouldn't read them, and if they 
did, probably would not understand anyway.

P.T. Barnum's type of people ....

But really, isn't their desires just as valid as yours and mine?  What everyone 
is counting on is the integrity of the developers, or those giving them their 
orders.

You know, like the NSA ....

My preferences:

If I didn't start it up, it should not be running ..

If I shut it down, it should be totally shutdown ..

Now, if that's not possible, then I got a problem with the device.