design-reviews#1131: Approximate Geolocation

#1131: Approximate Geolocation

Visit on Github.

Opened

Aug 8, 2025

Specification

https://www.w3.org/TR/geolocation/

Explainer

https://github.com/explainers-by-googlers/approximate-geolocation/blob/main/README.md

The specification

Follows the Web Platform Design Principles.
Includes Security and Privacy Considerations sections based on answers to the Security/Privacy Questionnaire.

Where and by whom is the work is being done?

GitHub repo: https://github.com/w3c/geolocation/
Primary contacts:
- $name @alvinjiooo (spec change collaborator)
- $name @nondebug (spec change collaborator)
- $name @antosart (spec change collaborator)
- $name @reillyeon (spec editor)
Organization/project driving the specification: Chromium
This work is being funded by: N/A
Primary standards group developing this feature: Web Applications WG and Device and Devices and Sensors Working Group
Incubation and standards groups that have discussed the design: https://github.com/w3c/geolocation/issues/182

Feedback so far

Active horizontal reviews: N/A
Multi-stakeholder feedback:
- Chromium comments: https://chromestatus.com/feature/5143609755828224
- Mozilla comments: https://github.com/mozilla/standards-positions/issues/1193
- WebKit comments: https://github.com/WebKit/standards-positions/issues/470
Major unresolved issues with or opposition to this specification:
Status/issue trackers for implementations: https://chromestatus.com/feature/5143609755828224

You should also know that...

Here are the responses to the Security and Privacy Considerations Questionnaire.

2.1. What information does this feature expose, and for what purposes?

This feature modifies how geolocation data is exposed to websites. The primary purpose is to enhance user privacy by allowing sites to function with a less-precise, approximate location, which still serves user needs (like finding nearby points of interest) without revealing sensitive, precise locations (like a home address).

To a first party: The feature exposes a new piece of information: GeolocationPosition.accuracyMode (with values "precise" or "approximate"). This tells the site whether the location it received was intentionally coarsened for privacy. It also exposes a less precise version of the user's location than what is currently available.
To third parties: The exposure is the same as for first parties. However, the design specifies integration with Permissions Policy, allowing the top-level site to restrict or disable this feature in third-party iframes, giving them control over what embedded content can access.

2.2. Do features in your specification expose the minimum amount of information necessary?

Yes, data minimization is the core principle of this feature. By introducing an "approximate" location option, the specification allows a site to receive only the level of location accuracy users grant, rather than defaulting to the most precise location possible. The design explicitly aims to provide a "less effective signal" for tracking by grouping users into larger geographic areas.

2.3. Do the features in your specification expose personal information?

Yes, geolocation is personal information. The design addresses this by introducing a new, more granular permission model.

It adds a "geolocation-approximate" permission, which is subordinate to the existing "geolocation" permission.
This creates a tiered system where users can grant permission for only approximate location, giving them more direct and meaningful control over how their personal information is shared. The feature relies on this enhanced permission model to acquire user consent.

2.4. How do the features in your specification deal with sensitive information?

This feature deals with sensitive location information by adhering to a new, more granular permission model, as described in the explainer. To mitigate the risks of exposing a sensitive, precise location, the feature will prompt the user to grant permission for either precise or approximate location. Based on the user's choice, the browser will return location data at the corresponding level of granularity. This ensures that when a user only consents to sharing an approximate location, the feature provides coarsened data that is less sensitive but still sufficient for many common use cases.

2.14. How does this specification distinguish between behavior in first-party and third-party contexts?

The explainer explicitly calls for Permissions Policy integration. This allows a first-party site owner to create policies that can selectively disable or enable both precise ("geolocation") and approximate ("geolocation-approximate") location access for any embedded third-party iframes. This gives the first party direct control over the feature's use in third-party contexts.

2.16. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?

Yes, the Geolocation API specification defines "Privacy Considerations" and "Security Considerations" sections.

Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1131