FRESH

Hacker News

Home

The <Geolocation> HTML Element

103 points by enz

by mkl

2 subcomments

This might be easier than refusing permission every time - it sounds like I can just not click it. I really dislike location permission things. I don't know what location will be shared, I don't use anything that needs a precise location, and I don't ever want to share my actual location. If location permission things showed me a map with where they think I am and let me click a (vague) location to share, I might use them, but currently to find nearest stores or whatever I just type in a postcode or use their map.
Edit: this has prompted me to go find a way to turn off location permission requests in the browser settings. It turns out you can do it under Privacy and Security > Site Settings in Firefox and Chrome.

by marginalia_nu

1 subcomments

This seems pretty sketchy, and I don't really understand what prevents a website from clickjacking.
The original flow is awkward, but also renders the permission element in a location that can't be clickjacked, thus offering some protection from geolocation.

by crote

4 subcomments

I'm a bit confused about how it actually works, and somehow they decided to not include a demonstration video.
If clicking on it does trigger a location permission prompt: what's the point? The "issues" with prompts getting denied can already be solved by web developers doing this themselves, rather than just blindly firing off a request on page load.
If clicking on it does not trigger a location permission prompt: have we forgotten about the Line Of Death [0]? Clicking random website-styled elements should never result in dangerous actions being taken - and leaking the user's physical location is definitely dangerous. Sure, they are trying to restrict the styling, but that's a fools' errant: somebody will just make a browser game where the button looks to refer to something ingame, but actually leak your real-world location.
Besides, who's actually asking for this? Location is perhaps useful for Google Maps-like websites to save you a few seconds of scrolling, but in practice it has mostly been spammy websites trying to get me to "subscribe to local news". Making geolocation easier is the last thing I want in my browser!
[0]: https://textslashplain.com/2017/01/14/the-line-of-death/

by SquareWheel

0 subcomment

Contextual permissions are a big improvement over early and uncertain prompts. I will never agree to grant my permission when first loading a page, however, I may do so if intentionally activating a map widget. At least then I understand the context by which it's being asked, and can make a more informed decision.

by quiet35

1 subcomments

The main intent behind this seems to be constantly reminding users that enabling geolocation is an option, and that it is an ordinary thing to do. Dear user, why don't you still use it, everyone does it. Just click the button!

by nake89

1 subcomments

I'm curious to why the polyfill example uses unpkg.com. It is quite unreliable and has broken sites many times.
jsdelivr.com is much more reliable (Multi-CDN, Multi-DNS). Comparison: https://www.jsdelivr.com/unpkg
I am not affiliated in anyway to jsdeliver or unpkg. I simply used to be a user on unpkg.

by zero0529

0 subcomment

This is pretty cool. But what gets me really excited is the new generic <Permission>[0] element. I had to implement a webcam element one time for some CV pet project and I had a lot of trouble getting the basic api to just work (Highly likely a skill issue). So seeing that this will also expand to webcam and other IO seems like a really good UX improvement.
- [0] https://github.com/WICG/PEPC/blob/main/explainer.md

by Barathkanna

0 subcomment

This mostly changes how location is requested, not what you can do with it. Instead of imperative JS calls, location access becomes declarative in HTML, which gives browsers more context for permission UX and auditing. Your app logic, data flow, and fallbacks don’t change, and you’ll still need JS to actually use the location. Think of it as a cleaner permission and intent layer, not a new geolocation capability.

by grugdev42

2 subcomments

I just don't get it. Why is this needed?
But I have no doubt there is a play happening here.
Probably it will change over time to make gathering data easier?
Or something else that makes Google money.

by LordHeini

0 subcomment

I assume an adblocker can remove those.
That would be a net benefit because pages requesting location for no reason end up in the block list and don't annoy me anymore.

by bflesch

1 subcomments

Main purpose of this seems to offer a way for undoing "previously blocked location access" by the user.
> If a prompt appears unexpectedly, users may block it reflexively or accidentally, unaware that this decision creates a permanent block that is difficult to reverse. This context gap—rather than the feature itself—is a primary driver of high denial rates.
> If a user previously blocked location access when browsing a site (perhaps by accident or lack of context), clicking the element triggers a specialized recovery flow. This helps them re-enable location at the moment when they actually want to use location, without the friction of navigating deep into the browser's site settings.
Google sees "high denial rates" when they try ask users for their geolocation. This is a problem for Google's customers, the advertisers. So they introduce this <geolocation> HTML tag so that dark patterns can be employed to trick users into permanently sharing location even though they have blocked location sharing before.
If the Google engineers who are working on this feature would actually give a damn about users who decided to block geolocation access, this feature would be designed as a "temporary access to geolocation for duration of browser session".
So basically it is all about more tracking and less data privacy.
It's overdue that skilled engineers provide better solutions than this crap, but of course it's much easier to be apolitical and become a millionaire working for a bunch of tech bros who visited Epstein's island.

by jampekka

2 subcomments

The demo crashes Chrome on Android for me.
https://permission.site/geolocation_element.html

by ramon156

1 subcomments

Why not just expose a GeoLocationEvent and call it a day? why add another element people will wrap anyway?...

by troupo

1 subcomments

Even though the other browser vendors have positive reaction, note how this follows the same pattern Chrome has followed for over a decade:
- scribble on a napkin (explainer)
- ask others for their position
- ship regardless of position or any outstanding issues
- claim it's a new standard

0 subcomment

by maelito

0 subcomment

I wonder if this new element is used by MapLibre.

by jauntywundrkind

1 subcomments

Yay! Next up, <usermedia>, which is even more vital a permission to be able to flip on and off!! https://github.com/WICG/PEPC/blob/main/usermedia_element.md https://groups.google.com/a/chromium.org/g/blink-dev/c/jQgYo...
As noted in the intent to ship for both, these are a very specific narrow cases chipped off a bunch broader attempt to offer declarative ways to handle permissions in general, a <permission> element.
Intent-to-ship for geolocation: https://groups.google.com/a/chromium.org/g/blink-dev/c/GL0Bk...
Earlier Page-Embedded Permissions Control (PEPC) proposal: https://github.com/WICG/proposals/issues/113 https://github.com/andypaicu/PEPC/blob/main/explainer.md
The root problem is that permissions right now are super hard to adjust for users (and the way they are exposed to the page is not very good at dealing with users turning permissions on and off either). It's imo very good that we are finally leaving this awful tarpit of design, & moving towards permissions being more fluid. I get that other browsers wanted to be conservative & not do a generic <permission> element, but given how big an improvement this feels like, I sort of wish it'd gotten the pass.