I've been investigating the issue a bit. My understanding of the situation is that Chromium (used by oxide) keeps its own cache for last known location, and that's what it uses when the client plays with the "maximumAge" option; otherwise, it assumes that the location provider always returns new positions. The interface it offers to let developers implement custom location providers (and which oxide uses to implement its QtPositioning-based backend) is this one:
https://chromium.googlesource.com/chromium/chromium/+/trunk/content/public/browser/location_provider.h As you can see, it doesn't offer a way to let custom implementations specify a last known position. Some time ago, I made a change to the location service which makes it always return the last known position as soon as a client starts requesting updates: http://bazaar.launchpad.net/~phablet-team/location- service/15.04/revision/204 The plan was to obfuscate that location update and also to decrease its accuracy as it ages (and indeed, not report a position at all if so much time has passed that the user could be anywhere now), but this hasn't been implemented yet. Also, as this bug report says, we probably should not return a cached position to a client which has just been authorised to use the location service. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1551686 Title: browser leaks old location data to web pages Status in Oxide: New Status in location-service package in Ubuntu: New Status in webbrowser-app package in Ubuntu: Invalid Bug description: visit a web page that requests your current location, for example http ://where-am-i.net it prompts to get permission to share the current location, hit allow and it will probably show where you were a few hours ago as the GPS will have a cached location. Refreshing won't update the location, only applications that subscribe to updates cause the GPS to get a new location. The problem here is that I authorised the web page to know where I am now. I am OK with giving my current position to the web page requesting it. I *didn't* authorise it to know where I was yesterday or this morning, and I might have reasons to not want it to know where my house is, even though I am fine with it knowing where I am right now. The web browser app should not reveal GPS locations that are older than the decision to allow location to be shared with the page. To manage notifications about this bug go to: https://bugs.launchpad.net/oxide/+bug/1551686/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
