Re: [PATCH] gnu: Add GeoClue desktop service.
On Sun 23 Aug 2015 23:40, l...@gnu.org (Ludovic Courtès) writes: Andy Wingo wi...@igalia.com skribis: On Thu 20 Aug 2015 17:09, l...@gnu.org (Ludovic Courtès) writes: +@defvr {Scheme Variable} %standard-geoclue-applications +The standard list of well-known GeoClue application configurations, +granting authority to GNOME's date-and-time utility to ask for the +current location in order to set the time zone, and allowing the Firefox +(IceCat) and Epiphany web browsers to request location information. +Firefox and Epiphany both query the user before allowing a web page to +know the user's location. +@end defvr Does that mean that all these applications get blanket access to location info, and just happen to be nice enough to ask the user? If the answer is yes, I would rather remove the Web browsers from this list by default. I think that's right. I'm still figuring some of this out :P But yeah, I think the reasoning is that since web browsers ask you already, don't default to giving the web access, and you already trust the web browser in other ways, that this is a reasonable default that prevents double-asking. OK. But then that raises the question of how applications are authenticated: if I call my binary ‘epiphany’, will GeoClue consider it to be the authorized application? (Sorry for the newbie question...) I think the name is taken from the .desktop files -- which is to say, geoclue trusts the application to be who it says it is. I guess ideally it would be going through policykit and asking the user through the session manager. Maybe that's a TODO; dunno. My only concern is to make sure the default settings are privacy-preserving. I realize that’s a question that goes beyond GuixSD itself though. There are unknowns for me too here, I am also a newbie. I was just packaging things :) However it seems to me that you don't need a location service to get your location -- any app has basically the right privileges to grovel through things on its own, either through geo-IP things or via seeing what wireless hotspots are around, etc. This is what Chromium does for example. The model isn't an app will never know my location unless geoclue authorizes it. It's more like users sometimes want their apps to know the user's location, and geoclue can do a good efficient job at it instead of making each app roll its own implementation. But when GeoClue requests authorization, it does so by sending a request to the object installed at /org/freedesktop/GeoClue2/Agent on the system bus. GNOME Shell installs an object there; presumably it uses an overlay dialog to ask the user for permission. I'm not sure how it works in multi-user setups. Without an object installed there I don't know how things work, or if apps that aren't whitelisted work at all. Andy
Re: [PATCH] gnu: Add GeoClue desktop service.
Andy Wingo wi...@igalia.com skribis: However it seems to me that you don't need a location service to get your location -- any app has basically the right privileges to grovel through things on its own, either through geo-IP things or via seeing what wireless hotspots are around, etc. This is what Chromium does for example. The model isn't an app will never know my location unless geoclue authorizes it. It's more like users sometimes want their apps to know the user's location, and geoclue can do a good efficient job at it instead of making each app roll its own implementation. Yeah, good point. WiFi data is definitely available wide-open to programs anyway. Not so much we can do, it seems. Thanks for your feedback, Ludo’.
Re: [PATCH] gnu: Add GeoClue desktop service.
Andy Wingo wi...@igalia.com skribis: On Thu 20 Aug 2015 17:09, l...@gnu.org (Ludovic Courtès) writes: +@defvr {Scheme Variable} %standard-geoclue-applications +The standard list of well-known GeoClue application configurations, +granting authority to GNOME's date-and-time utility to ask for the +current location in order to set the time zone, and allowing the Firefox +(IceCat) and Epiphany web browsers to request location information. +Firefox and Epiphany both query the user before allowing a web page to +know the user's location. +@end defvr Does that mean that all these applications get blanket access to location info, and just happen to be nice enough to ask the user? If the answer is yes, I would rather remove the Web browsers from this list by default. I think that's right. I'm still figuring some of this out :P But yeah, I think the reasoning is that since web browsers ask you already, don't default to giving the web access, and you already trust the web browser in other ways, that this is a reasonable default that prevents double-asking. OK. But then that raises the question of how applications are authenticated: if I call my binary ‘epiphany’, will GeoClue consider it to be the authorized application? (Sorry for the newbie question...) I guess ideally it would be going through policykit and asking the user through the session manager. Maybe that's a TODO; dunno. My only concern is to make sure the default settings are privacy-preserving. I realize that’s a question that goes beyond GuixSD itself though. Thank you, Ludo’.
Re: [PATCH] gnu: Add GeoClue desktop service.
Andy Wingo wi...@igalia.com skribis: From d94d4fb4c89ec6cde152ab031244a3977e216b1e Mon Sep 17 00:00:00 2001 From: Andy Wingo wi...@pobox.com Date: Sat, 15 Aug 2015 20:43:03 +0200 Subject: [PATCH 2/2] Add GeoClue service. * gnu/services/desktop.scm (bool): New top-level helper. (upower-configuration-file): Use top-level `bool'. (geoclue-application): New public function. (%standard-geoclue-applications): New public variable. (geoclue-service): New public variable. (%desktop-services): Add GeoClue. Add a comment about activation. * doc/guix.texi (Desktop Services): Document the GeoClue service. Applied, thanks! +@defvr {Scheme Variable} %standard-geoclue-applications +The standard list of well-known GeoClue application configurations, +granting authority to GNOME's date-and-time utility to ask for the +current location in order to set the time zone, and allowing the Firefox +(IceCat) and Epiphany web browsers to request location information. +Firefox and Epiphany both query the user before allowing a web page to +know the user's location. +@end defvr Does that mean that all these applications get blanket access to location info, and just happen to be nice enough to ask the user? If the answer is yes, I would rather remove the Web browsers from this list by default. WDYT? Thanks, Ludo’.
Re: [PATCH] gnu: Add GeoClue desktop service.
On Thu 20 Aug 2015 17:09, l...@gnu.org (Ludovic Courtès) writes: +@defvr {Scheme Variable} %standard-geoclue-applications +The standard list of well-known GeoClue application configurations, +granting authority to GNOME's date-and-time utility to ask for the +current location in order to set the time zone, and allowing the Firefox +(IceCat) and Epiphany web browsers to request location information. +Firefox and Epiphany both query the user before allowing a web page to +know the user's location. +@end defvr Does that mean that all these applications get blanket access to location info, and just happen to be nice enough to ask the user? If the answer is yes, I would rather remove the Web browsers from this list by default. I think that's right. I'm still figuring some of this out :P But yeah, I think the reasoning is that since web browsers ask you already, don't default to giving the web access, and you already trust the web browser in other ways, that this is a reasonable default that prevents double-asking. I guess ideally it would be going through policykit and asking the user through the session manager. Maybe that's a TODO; dunno. Andy