Open jyasskin opened 2 years ago
Good question! A few thoughts:
Maybe we want something like "country, or a smaller geographical area within a well-established hierarchy within a country, provided that area's population is larger than P"? And then a threshold P somewhere between 100,000 and 500,000 matches my intuition.
I (as a random individual) think location data is always sensitive. Of course, that statement is useless to anyone who wants to anything so some more useful thoughts:
(Sorry about the edits 😕, I really should form my thoughts better before hitting submit.)
We'd break significant aspects of the web if we hid a device's country (or legal jurisdiction) or time zone from websites. On the other hand, the user's current house number or even city block is too sensitive to reveal by default. Where's the border between those two kinds of locations?
I tentatively propose that city-level information is safe, and I believe Apple's Private Relay uses that as its default. We might encourage UAs to have a user control to make their location even more granular. Is "city level" a roughly-20-mile-square granularity, or does the area increase in less-populated areas?