On 19. May 2017, at 14:01, Zeeshan Ali (Khattak) <zeesha...@gnome.org> wrote: > On 18 May 2017 at 18:53, Jan-Tarek Butt <ta...@ring0.de> wrote: >> But I will take a deeper look into geoclue maybe we can also integrate >> communicating with openwifi.su. Maybe we can merge the openwifi.su datas >> into MLS as well. > > The last part would make the most sense but I'm pretty sure: > > * this has been already considered and not acted on (don't recall the > reasons).
The problem is openwifi.su uses the ODbL license for its dataset, which has a share-alike requirement in it. Our legal understanding is that it violates European privacy laws to release a dataset, which contains the combination of a BSSID and a lat/lon position. This combination is considered personally identifiable information. If we were to integrate the openwifi.su dataset into our own, we'd be required to also release our derivative combined dataset under the Odbl. That in turn would mean we'd violate privacy laws. This is not legal advice to anyone else and if you only operate in a single country, the situation might be different. If you are small project the chance of you being sued is also a lot smaller. But given that Google was sued and lost over this, we need to be careful. >> Yes, sure I know what you mean. But it is the only service which works >> without authentication and SSL. Regarding SSL, at Mozilla we very much consider location data to be privacy sensitive. Sharing such privacy sensitive data over a non-encrypted channel is not an option for us. As for authentication, geoclue as a library ships with a built-in API key, so not every user has to get a key. These keys merely help us to attribute traffic to the various clients and act a lot more like an extended user-agent header. Since we are providing this service for free, they also give us a way to shut down access from one client library, without affecting everyone else. We never had to do so, but if someone where to abuse our service, we'd have a way to single out one client, rather than shut down the service for everyone. We specifically don't want to have an API key for a single device or user, as that would allow us to track an individual. Something we really don't want to be able to do. Hanno _______________________________________________ dev-geolocation mailing list dev-geolocation@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-geolocation
