One of the web sites that I run is, shall we say, aimed at gentlemen of a certain disposition, with particular shared interests, and a fondness for the well honed physique.
I’ve been working on a mobile version of the site, and one of the things that the desktop version has is a list of venues – bars where the members of the site will feel welcome and want to spend some time. This is a natural for adding to the mobile version of the site, and for enhancing with code to support geo-location.
That’s the means by which the web browser can determine its physical location – it works on desktop PCs too, but is obviously even more useful on a mobile device. A couple of JavaScript function calls are all that you need to do this, and then you can let the web server know where the user is, and customise the information.
So, on my site the obvious thing to do is to use this to filter the list of venues, showing those closest to the user, first, and omitting all those over a certain distance away. I’ll do a separate web page explaining how that works from a programming point of view.
There are two interesting things from a privacy and openness viewpoint that struck me, though.
Can you trust location services?
To take the latter first, I was joking to the owner of one of the venues that, for a small consideration, I could make sure that his rival always appeared to be 50km further away than it really is. Although it wasn’t a serious suggestion, it did make me wonder – how can you be sure that such information is trustworthy (beyond the actual error in determining location).
If you’re using a big open site like Google maps, then it’s probably quite reasonable to assume that if they were deliberately omitting, say, branches of Burger King that were close to branches of McDonalds, people would notice. But in a closed application, or a site dedicated to a specific topic, it’s much harder to do. And I wonder just what lengths some people will go to, in order to skew the results (and of course, it’s not just geographically, but given the task in hand, that was what sprung to mind).
Privacy issues
The other topic that I’m wrestling with is privacy. The site has a privacy policy that I think is quite clear, and we explain what persistent cookies are used, and what they’re used for.
Location, it seems to me, is something that needs to be covered in this too. So, does anyone out there have any best practise guidelines for how location data should be used on a website? Obviously this is going to vary from site to site and app to app – for example, the dating app Grindr is based around the idea of showing you who’s in your area, constantly updated, so users are aware it needs that information.
But a site like mine, where location is used in slightly different ways, and hasn’t been used before, perhaps needs to treat it differently.
This is what I’ve come up with, as the basis of a location privacy policy:
1. We will only attempt to determine your location on specific pages, and only when necessary.
2. We will always explain why we are attempting to determine your location (eg, to show you nearby venues, or to let other users know which city and country you are in).
3. We will never show other users your exact position, nor will it be stored in our database.
4. We will always allow you to view and edit any location information before deciding whether or not you want to share it with other users.
You approach does seem reasonable.
In general, it’s a matter of trust. Do your users trust you ? Do they trust you to do only what you say you will ? My guess is that in the sort of relatively small community you describe then there’s a good chance the answer to both would be yes. Of course, given the stigma still attached to the “certain disposition” by significant sections of the population then it’s even more important that the web site operator is trusted AND doesn’t abuse that trust.
A big part of the trust is having a clear statement of what you do, why, and what the limits are.
IMO, the big hoo-har over privacy, location services, etc is because some of the big names doing location services have demonstrated that they have zero respect for privacy and their only interest in being able to sell you something, or sell your details to advertisers.
Since so many outfits not only have complete disregard for users privacy, but will even lie about what they are doing, it’s only natural that people are generally sceptical and defensive about such things.