From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Wingo Subject: Re: [PATCH] gnu: Add GeoClue desktop service. Date: Mon, 24 Aug 2015 10:23:40 +0200 Message-ID: <87io859jsj.fsf@igalia.com> References: <877fowpcnd.fsf@igalia.com> <87d1yiyp2o.fsf@gnu.org> <877foqgday.fsf@igalia.com> <87vbc5vg2r.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:38218) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZTn2j-0002Bb-Gv for guix-devel@gnu.org; Mon, 24 Aug 2015 04:23:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZTn2g-0003sw-9W for guix-devel@gnu.org; Mon, 24 Aug 2015 04:23:49 -0400 In-Reply-To: <87vbc5vg2r.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Sun, 23 Aug 2015 23:40:44 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org On Sun 23 Aug 2015 23:40, ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Andy Wingo skribis: > >> On Thu 20 Aug 2015 17:09, ludo@gnu.org (Ludovic Court=C3=A8s) writes: >> >>>> +@defvr {Scheme Variable} %standard-geoclue-applications >>>> +The standard list of well-known GeoClue application configurations, >>>> +granting authority to GNOME's date-and-time utility to ask for the >>>> +current location in order to set the time zone, and allowing the Fire= fox >>>> +(IceCat) and Epiphany web browsers to request location information. >>>> +Firefox and Epiphany both query the user before allowing a web page to >>>> +know the user's location. >>>> +@end defvr >>> >>> Does that mean that all these applications get blanket access to >>> location info, and just happen to be nice enough to ask the user? >>> >>> If the answer is yes, I would rather remove the Web browsers from this >>> list by default. >> >> I think that's right. I'm still figuring some of this out :P But yeah, >> I think the reasoning is that since web browsers ask you already, don't >> default to giving the web access, and you already trust the web browser >> in other ways, that this is a reasonable default that prevents >> double-asking. > > OK. But then that raises the question of how applications are > authenticated: if I call my binary =E2=80=98epiphany=E2=80=99, will GeoCl= ue consider it > to be the authorized application? (Sorry for the newbie question...) I think the name is taken from the .desktop files -- which is to say, geoclue trusts the application to be who it says it is. >> I guess ideally it would be going through policykit and asking the user >> through the session manager. Maybe that's a TODO; dunno. > > My only concern is to make sure the default settings are > privacy-preserving. I realize that=E2=80=99s a question that goes beyond= GuixSD > itself though. There are unknowns for me too here, I am also a newbie. I was just packaging things :) However it seems to me that you don't need a location service to get your location -- any app has basically the right privileges to grovel through things on its own, either through geo-IP things or via seeing what wireless hotspots are around, etc. This is what Chromium does for example. The model isn't "an app will never know my location unless geoclue authorizes it". It's more like "users sometimes want their apps to know the user's location, and geoclue can do a good efficient job at it instead of making each app roll its own implementation". But when GeoClue requests authorization, it does so by sending a request to the object installed at /org/freedesktop/GeoClue2/Agent on the system bus. GNOME Shell installs an object there; presumably it uses an overlay dialog to ask the user for permission. I'm not sure how it works in multi-user setups. Without an object installed there I don't know how things work, or if apps that aren't whitelisted work at all. Andy