Disclaimer: personal views abound.I’ve recently been playing around with Google Latitude (the few folks I’d use it with are privacy-conscious enough that they don’t, so it’s boring), and I’ve tried the PicPosterous iPhone app. I’ve also been a close observer of what’s going on in W3C’s geolocation Working Group. It strikes me that, as they ask for users’ locations, many applications (native and otherwise) start with, well, bad manners. Take PicPosterous: That application wants to turn on the iPhone’s location system before I’ve had any interaction with the app at all. What is it going to do with my location? I don’t know. Is it going to track me? I don’t know. Is it going to keep a trail of where I am forever? I don’t know. Or take Google: When I start up Latitude, I expect to deal with location data. That’s ok. But I don’t expect Google Reader to start tracking me down just because I signed in to a different, location aware service from the same company. That kind of unexpected behavior really smells like spyware. It makes me want to turn off the GPS (and the other location services) most of the time — which, of course, makes the legitimate location-aware services a pain to use. Dear developers: Build your applications so they don’t look like Spyware. Don’t surprise me. Be predictable. Put me in control.
- Don’t locate the user unless he’s said so. Take PicPosterous: The purpose of the location gathering is geotagging a picture. Why not pop up a quick dialogue that says “I’d like to geotag this picture. Shall I?” And why not locate me only when a picture is taken? All that would go a long way toward building some trust in the application’s behavior. Or take Google Reader (or Latitude): Why not give me a setting “update my location whenever I use Google applications”, with default “off”?
- If you’re an application that needs to track my location (say, you’re a turn-by-turn navigation tool, or you’re Google Reader and I’ve told you to find me), remind me. Give me a little button to turn off your location function. Again: Don’t surprise me, and put me in control of what you do.
- Tell me what else you do with the data, in plain English. Start out with what the latest draft of the geolocation API spec has to say, and be very clear when you do anything else. Even better, give me an option.
Now, to the user agents: I like minimalistic user interfaces, and I think that a distribution of concerns where responsibility for secondary use rests with the Web application is a sane design approach. But however much I like a simple, non-modal “locate me / don’t locate me” dialogue when I’m asked for my location: Privacy doesn’t end at that first click.
- Even when I click that “remember for this site” option, I’ll probably forget about it in a while. You better ask me again when I haven’t visited the site for a while.
- A web application might behave badly. Remind me whether someone’s locating me right now (how about a little pulsating crosshair?), make it a no-brainer for me to figure out who knows where I am, and make it really easy for me to stop sharing location data — with any of them, or with all of them.
- Give me an option to lie about my current location.
Extension developers to the rescue?