W3C

Geolocation API PRELIMINARY Implementation Report

This is the preliminary Geolocation API Implementation Report. It is based on the test suite as it appeared on 21 February 2011.

User Agent Tests

TestChrome 9Android HoneycombSafari 5Firefox 3.6Opera
Test 00001: user denies access, check that error callback is called with correct code PASS PASS PASS PASS
Test 00002: user allows access, check that success callback is called or error callback is called with correct code. PASS PASS PASS PASS
Test 00018: call getCurrentPosition, check that there's UI appearing with the document host PASS PASS PASS PASS
Test 00019: call watchPosition, check that there's UI appearing with the document host PASS PASS PASS PASS
Test 00141: user asked to approve/remember, then asked to revoke, then reload. The permission dialogue should reappear. PASS PASS PASS PASS
Test 00142: user asked to deny/remember, then ask to revoke, then reload. The permission dialogue should reappear PASS PASS PASS PASS
Test 00026: check that window.navigator.geolocation exists and is of type 'object'. PASS PASS PASS PASS
Test 00150: check that the geolocation property of window.navigator is enumerable. PASS PASS PASS PASS
Test 00027: call getCurrentPosition without arguments, check that exception is thrown PASS PASS PASS FAIL
Test 00011: call getCurrentPosition with null success callback, check that exception is thrown PASS PASS PASS FAIL
Test 00013: call getCurrentPosition with null success and error callbacks, check that exception is thrown PASS PASS PASS FAIL
Test 00028: call getCurrentPosition() with wrong type for first argument. Exception expected. PASS PASS PASS FAIL
Test 00029: call getCurrentPosition() with wrong type for second argument. Exception expected. PASS PASS PASS FAIL
Test 00030: call getCurrentPosition() with wrong type for third argument. No exception expected. PASS PASS PASS FAIL
Test 00031: Check that getCurrentPosition returns synchronously before any callbacks are invoked. PASS PASS PASS PASS
Test 00058: call watchPosition with no arguments, check that exception is thrown PASS PASS PASS FAIL
Test 00015: call watchPosition with null success callback, check that exception is thrown PASS PASS PASS FAIL
Test 00017: call watchPosition with null success and error callbacks, check that exception is thrown PASS PASS PASS FAIL
Test 00059: call watchPosition() with wrong type for first argument. Exception expected. PASS PASS PASS FAIL
Test 00060: call watchPosition() with wrong type for second argument. Exception expected. PASS PASS PASS FAIL
Test 00061: call watchPosition() with wrong type for third argument. No exception expected. PASS PASS PASS FAIL
Test 00062: check that watchPosition returns synchronously before any callbacks are invoked. PASS PASS PASS PASS
Test 00151: check that watchPosition PASS PASS PASS PASS
Test 00080: Test that calling clearWatch with invalid watch IDs does not cause an exception. PASS PASS PASS PASS
Test 00123: call getCurrentPosition with wrong type for enableHighAccuracy. No exception expected. PASS PASS PASS PASS
Test 00124: call watchPosition with wrong type for enableHighAccuracy. No exception expected. PASS PASS PASS PASS
Test 00086: set timeout and maximumAge to 0, check that timeout error raised (getCurrentPosition) PASS PASS PASS FAIL
Test 00088: set timeout and maximumAge to 0, check that timeout error raised (watchPosition) PASS PASS PASS FAIL
Test 00091: check that a negative timeout value is equivalent to a 0 timeout value (getCurrentLocation) PASS PASS PASS FAIL
Test 00092: check that a negative timeout value is equivalent to a 0 timeout value (watchPosition) PASS PASS PASS FAIL
Test 00095: check existence of timestamp attribute, and correct type PASS PASS PASS PASS
Test 00152: check for latitude and longitude. PASS PASS PASS PASS
Test 00104: check type of altitude PASS PASS PASS PASS
Test 00153: check for accuracy property. PASS PASS PASS PASS
Test 00105: check type of altitudeAccuracy PASS PASS PASS PASS
Test 00106: check type of heading PASS PASS PASS PASS
Test 00107: check type of speed PASS PASS PASS PASS
Test 00108: check that the error type exists and that its attributes have the right numeric value PASS PASS PASS FAIL

Website Tests

Location information tests:

Note: The inclusion of the following web sites in this implementation report does not imply any endorsement by the Geolocation Working Group. When filling out this implementation report, we did not test the actual implementations, but looked at the claims made by the various web sites in Terms of Use and Privacy Policy statements.

Testgoogle.com/latitudetwitter.comflickr.com/map - User not logged in
only requested when necessary The purpose of this service is to share your location with friends. The location is requested immediately after login. Location is only requested after the user has explicitly specified that he/she wants to attach location information to a tweet. Location is only requested once the user clicks on the "Find my location" button.
only used for the task Task: Find your friends on a map and share where you are with the friends you choose.

The Google privacy policy states: [...] we may use the information we collect to: Provide, maintain, protect, and improve our services (including advertising services) and develop new services.
If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.
Task: Location information is added to individual new Tweets on Twitter.com and via other applications/mobile devices that support this feature. Task: Submit your location in order to view Flickr images geotagged with locations near you.

Yahoo Privacy Policy states that "Yahoo! may access, store, and use the location information described above to provide location-aware products and services (such as Yahoo! Local), serve advertising, search results, and other content. Other uses of location information may include determining the appropriate language for presenting a website and assisting in the detection of fraud and abuse."
dispose of when the task is completed, unless expressly permitted The location information is stored until the user manually deletes it. Location data attached to tweets by default becomes public information the moment it is submitted. Twitter stores the location information that is publicly displayed with a Tweet for as long as the Tweet exists. (http://support.twitter.com/groups/31-twitter-basics/topics/111-features/articles/78525-about-the-tweet-location-feature) We're unable to find confirmation in Yahoo's Privacy policy on Data Storage and Anonymization that the location data is NOT deleted.
protected against unauthorized access The location data is accessible to the users and their specified friends. The Google privacy policy document (http://www.google.com/intl/en/privacy/privacy-policy.html) includes details on protection in the "Information security" section. Location data attached to protected tweets is only accessible to manually approved recipients (http://support.twitter.com/groups/31-twitter-basics/topics/113-online-safety/articles/14016-about-public-and-protected-tweets) Yahoo's Security policy statement suggests that this information is sufficiently protected.
if stored, made available for update and deletion Location history management interface:
https://www.google.com/latitude/b/0/history/manage
Twitter provides an interface that lets users delete all location information from your past tweets. It also lets users delete individual past tweets. N/A
makes a clear statement about their retransmission policy Location data is only shared with other users that have been explicitly added (as "Friends"), which falls under the "express permission" definition. The Terms of Service for Google Latitude state that "By using Google's mobile products and services you consent to the collection, use, sharing, and onward transfer of your data." Location data can also be shared with third party applications via the Latitude API under the Google Latitude API Terms of Service. All tweets with location data attached are retransmitted via Twitter's API and SMS service and made available to third party recipients under Twitter's terms of service http://dev.twitter.com/pages/api_terms Yahoo's Privacy policy on location data: http://info.yahoo.com/privacy/us/yahoo/location/ .

Recipients disclosure tests:

Testgoogle.com/latitudetwitter.comflickr.com/map - User not logged in
location information is being collected The Google Latitude UI explicitly shows the user's location on a map. The Twitter UI clearly displays the location information right below the tweet input field. Location data is only requested when the user clicks on the "Find my location" button.
for what purpose it is collected "Find your friends on a map and share where you are with the friends you choose."
(https://www.google.com/latitude/b/0)
The purpose of collecting the location information is clearly stated in the settings UI. The purpose of clicking on the button to "Find my location" should be quite clear to the user from the world map context and the already displayed geotagged images there.
how long it is retained The service history management UI makes it clear that the location data is kept until manually deleted by the user. From the settings page: "When you tweet with a location, Twitter stores that location. You can switch location on/off before each tweet and always have the option to delete your location history." No information at all is disclosed to the user.
how it is secured The location data is accessible to the users and their specified friends. The Google privacy policy document (http://www.google.com/intl/en/privacy/privacy-policy.html) includes details on protection in the "Information security" section. Location data attached to protected tweets is only accessible to manually approved recipients (http://support.twitter.com/groups/31-twitter-basics/topics/113-online-safety/articles/14016-about-public-and-protected-tweets) No information about the security of the data being transmitted (and it is unencrypted).
how it is shared Location data is only shared with other users that have been explicitly added (as "Friends").
The Terms of Service for Google Latitude state that "By using Google's mobile products and services you consent to the collection, use, sharing, and onward transfer of your data." Location data can also be shared with third party applications via the Latitude API under the Google Latitude API Terms of Service.
All tweets with location data attached are retransmitted via Twitter's API and SMS service and made available to third party recipients under Twitter's terms of service http://dev.twitter.com/pages/api_terms Yahoo's Privacy policy on location data is linked to from the flickr.com UI: http://info.yahoo.com/privacy/us/yahoo/location/ .
how it may be accessed/updated/deleted Location history management interface:
https://www.google.com/latitude/b/0/history/manage
All location information from past tweets can be deleted from the settings page. N/A

Last modified: $Date: 2011/06/28 06:18:30 $ by $Author: bertails $